Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms@9.0.0
Typecomposer
Namespacetypo3
Namecms
Version9.0.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.5.25
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
0
url VCID-11u3-8xzy-jfhh
vulnerability_id VCID-11u3-8xzy-jfhh
summary 
Typo3 Security Misconfiguration in Frontend Session Handling
It has been discovered session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-06-25-3.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-06-25-3.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-018
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-018
3
reference_url https://github.com/advisories/GHSA-qr5f-6fcv-w69q
reference_id GHSA-qr5f-6fcv-w69q
reference_type
scores
url https://github.com/advisories/GHSA-qr5f-6fcv-w69q
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GHSA-qr5f-6fcv-w69q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-11u3-8xzy-jfhh
1
url VCID-1ffs-9vj5-27hk
vulnerability_id VCID-1ffs-9vj5-27hk
summary 
Path Traversal
Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21357
reference_id
reference_type
scores
0
value 0.01121
scoring_system epss
scoring_elements 0.78584
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21357
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml
3
reference_url https://packagist.org/packages/typo3/cms-form
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-form
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-003
reference_id
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-003
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21357
reference_id CVE-2021-21357
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21357
6
reference_url https://github.com/advisories/GHSA-3vg7-jw9m-pc3f
reference_id GHSA-3vg7-jw9m-pc3f
reference_type
scores
url https://github.com/advisories/GHSA-3vg7-jw9m-pc3f
7
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f
reference_id GHSA-3vg7-jw9m-pc3f
reference_type
scores
0
value 8.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f
fixed_packages
0
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
1
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
2
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21357, GHSA-3vg7-jw9m-pc3f
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ffs-9vj5-27hk
2
url VCID-1sfk-z8py-ykb8
vulnerability_id VCID-1sfk-z8py-ykb8
summary 
Deserialization of Untrusted Data
In TYPO3 CMS, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15098
reference_id
reference_type
scores
0
value 0.02358
scoring_system epss
scoring_elements 0.85213
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15098
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-15098.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-15098.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-15098.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-15098.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS
4
reference_url https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/commit/85d3e70dff35a99ef53f4b561114acfa9e5c47e1
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2016-013
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2016-013
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-008
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-008
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5091
reference_id CVE-2016-5091
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2016-5091
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15098
reference_id CVE-2020-15098
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15098
9
reference_url https://github.com/advisories/GHSA-m5vr-3m74-jwxp
reference_id GHSA-m5vr-3m74-jwxp
reference_type
scores
url https://github.com/advisories/GHSA-m5vr-3m74-jwxp
10
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp
reference_id GHSA-m5vr-3m74-jwxp
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-m5vr-3m74-jwxp
fixed_packages
0
url pkg:composer/typo3/cms@9.5.20
purl pkg:composer/typo3/cms@9.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4an7-9ph4-mkd4
2
vulnerability VCID-6mnf-2fcw-dqgp
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-ev4k-5k1d-2bhu
5
vulnerability VCID-fqkx-v8t5-q3h6
6
vulnerability VCID-jp1p-rfxa-hyd9
7
vulnerability VCID-tgyt-axv1-c7ag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.20
1
url pkg:composer/typo3/cms@10.4.6
purl pkg:composer/typo3/cms@10.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-2tz2-8qdm-2kcv
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-6urp-p9mn-cffv
5
vulnerability VCID-848u-w88s-5bbe
6
vulnerability VCID-c46m-ht19-ybc4
7
vulnerability VCID-ev4k-5k1d-2bhu
8
vulnerability VCID-fqkx-v8t5-q3h6
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-tgyt-axv1-c7ag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.6
aliases CVE-2020-15098, GHSA-m5vr-3m74-jwxp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1sfk-z8py-ykb8
3
url VCID-28fn-ncj5-2ufk
vulnerability_id VCID-28fn-ncj5-2ufk
summary 
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (`*.youtube` and `*.vimeo` files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-1.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/20927adfb8aae0093508c904937e40114b92a90c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/20927adfb8aae0093508c904937e40114b92a90c
3
reference_url https://github.com/TYPO3/typo3/commit/a32a9a746f807b14571139f0cb7caa00b8d037a5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a32a9a746f807b14571139f0cb7caa00b8d037a5
4
reference_url https://github.com/TYPO3/typo3/commit/c9174937802581bfecfaa788512a4f6e5cf8e9c7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c9174937802581bfecfaa788512a4f6e5cf8e9c7
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-006
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-006
6
reference_url https://github.com/advisories/GHSA-8m6j-p5jv-v69w
reference_id GHSA-8m6j-p5jv-v69w
reference_type
scores
url https://github.com/advisories/GHSA-8m6j-p5jv-v69w
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-8m6j-p5jv-v69w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-28fn-ncj5-2ufk
4
url VCID-2rhr-8vaz-hqfj
vulnerability_id VCID-2rhr-8vaz-hqfj
summary 
Cross-site Scripting
TYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.52048
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-013
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-013
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
reference_id CVE-2021-32768
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
fixed_packages
0
url pkg:composer/typo3/cms@9.5.29
purl pkg:composer/typo3/cms@9.5.29
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.29
1
url pkg:composer/typo3/cms@10.4.19
purl pkg:composer/typo3/cms@10.4.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.19
2
url pkg:composer/typo3/cms@11.3.2
purl pkg:composer/typo3/cms@11.3.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.2
aliases CVE-2021-32768, GHSA-c5c9-8c6m-727v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rhr-8vaz-hqfj
5
url VCID-39vn-73mc-jqav
vulnerability_id VCID-39vn-73mc-jqav
summary 
TYPO3 Cross-Site Scripting in Form Framework validation handling
It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-1.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/966a0038c16c04d484c1703fba9fdc13f3e7a95c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/966a0038c16c04d484c1703fba9fdc13f3e7a95c
3
reference_url https://github.com/TYPO3/typo3/commit/9692bf83f8310cca17c9a968c4fe92ffe0deb59d
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/9692bf83f8310cca17c9a968c4fe92ffe0deb59d
4
reference_url https://github.com/TYPO3/typo3/commit/e971b012c837f1e64c1498b567ef6eec304febe5
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/e971b012c837f1e64c1498b567ef6eec304febe5
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-021
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-021
6
reference_url https://github.com/advisories/GHSA-v8m4-3w37-ghxx
reference_id GHSA-v8m4-3w37-ghxx
reference_type
scores
url https://github.com/advisories/GHSA-v8m4-3w37-ghxx
fixed_packages
0
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-bcbd-zzet-mff6
8
vulnerability VCID-e6zr-4bgg-kkh5
9
vulnerability VCID-ev4k-5k1d-2bhu
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-jp1p-rfxa-hyd9
12
vulnerability VCID-n1gz-y615-cbbk
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
1
url pkg:composer/typo3/cms@10.2.1
purl pkg:composer/typo3/cms@10.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-8w4e-d49b-nbg8
8
vulnerability VCID-bbh5-rss8-bfct
9
vulnerability VCID-bcbd-zzet-mff6
10
vulnerability VCID-c46m-ht19-ybc4
11
vulnerability VCID-e6zr-4bgg-kkh5
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fqkx-v8t5-q3h6
14
vulnerability VCID-jp1p-rfxa-hyd9
15
vulnerability VCID-n1gz-y615-cbbk
16
vulnerability VCID-r3az-g422-gqf9
17
vulnerability VCID-tgyt-axv1-c7ag
18
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.1
aliases GHSA-v8m4-3w37-ghxx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-39vn-73mc-jqav
6
url VCID-3k2k-a3gb-n3ba
vulnerability_id VCID-3k2k-a3gb-n3ba
summary 
Typo3 Information Disclosure in Page Tree
It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-05-07-4.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-05-07-4.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-009
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-009
3
reference_url https://github.com/advisories/GHSA-h934-f4m4-wc8x
reference_id GHSA-h934-f4m4-wc8x
reference_type
scores
url https://github.com/advisories/GHSA-h934-f4m4-wc8x
fixed_packages
0
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases GHSA-h934-f4m4-wc8x
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3k2k-a3gb-n3ba
7
url VCID-3ugj-6m1e-e3hr
vulnerability_id VCID-3ugj-6m1e-e3hr
summary 
Cross-site Scripting
Cross-Site Scripting in Online Media Asset Rendering.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-97
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ugj-6m1e-e3hr
8
url VCID-3ye6-vqje-abh4
vulnerability_id VCID-3ye6-vqje-abh4
summary Information Disclosure in Page Tree.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-009/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-009/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases GMS-2019-183
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ye6-vqje-abh4
9
url VCID-4an7-9ph4-mkd4
vulnerability_id VCID-4an7-9ph4-mkd4
summary 
Cleartext Storage of Sensitive Information
TYPO3 is an open source PHP based web content management system. In TYPO3 user session identifiers were stored in cleartext - without processing with additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26228
reference_id
reference_type
scores
0
value 0.00177
scoring_system epss
scoring_elements 0.39002
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26228
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26228.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26228.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26228.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26228.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-954j-f27r-cj52
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-011
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-011
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26228
reference_id CVE-2020-26228
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26228
fixed_packages
0
url pkg:composer/typo3/cms@9.5.23
purl pkg:composer/typo3/cms@9.5.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-6mnf-2fcw-dqgp
2
vulnerability VCID-848u-w88s-5bbe
3
vulnerability VCID-ev4k-5k1d-2bhu
4
vulnerability VCID-fqkx-v8t5-q3h6
5
vulnerability VCID-jp1p-rfxa-hyd9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.23
1
url pkg:composer/typo3/cms@10.4.10
purl pkg:composer/typo3/cms@10.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-6mnf-2fcw-dqgp
2
vulnerability VCID-6urp-p9mn-cffv
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-c46m-ht19-ybc4
5
vulnerability VCID-ev4k-5k1d-2bhu
6
vulnerability VCID-fqkx-v8t5-q3h6
7
vulnerability VCID-jp1p-rfxa-hyd9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.10
aliases CVE-2020-26228, GHSA-954j-f27r-cj52
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4an7-9ph4-mkd4
10
url VCID-4eym-e6vt-8fbs
vulnerability_id VCID-4eym-e6vt-8fbs
summary 
Code Injection
Arbitrary Code Execution and Cross-Site Scripting in Backend API.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-019/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-019/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-188
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4eym-e6vt-8fbs
11
url VCID-4jck-w9ct-budk
vulnerability_id VCID-4jck-w9ct-budk
summary 
Cross-site Scripting
Cross-Site Scripting in Language Pack Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-004/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-004/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-179
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4jck-w9ct-budk
12
url VCID-66kh-c1dm-8fbf
vulnerability_id VCID-66kh-c1dm-8fbf
summary 
Authentication Bypass in TYPO3 CMS
It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-1.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-001
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-001
3
reference_url https://github.com/advisories/GHSA-6f9m-v7mp-7jjq
reference_id GHSA-6f9m-v7mp-7jjq
reference_type
scores
url https://github.com/advisories/GHSA-6f9m-v7mp-7jjq
fixed_packages
0
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ugj-6m1e-e3hr
3
vulnerability VCID-3ye6-vqje-abh4
4
vulnerability VCID-4an7-9ph4-mkd4
5
vulnerability VCID-4eym-e6vt-8fbs
6
vulnerability VCID-4jck-w9ct-budk
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-7xv1-78u7-xufp
11
vulnerability VCID-848u-w88s-5bbe
12
vulnerability VCID-8w4e-d49b-nbg8
13
vulnerability VCID-953t-q1cr-zyd6
14
vulnerability VCID-9adx-p876-kyb5
15
vulnerability VCID-am6s-67bm-77dr
16
vulnerability VCID-bbh5-rss8-bfct
17
vulnerability VCID-cvk2-93hm-gkhx
18
vulnerability VCID-dsqm-9q3e-dudw
19
vulnerability VCID-e6zr-4bgg-kkh5
20
vulnerability VCID-emqq-kwjg-3kfk
21
vulnerability VCID-ev4k-5k1d-2bhu
22
vulnerability VCID-fqkx-v8t5-q3h6
23
vulnerability VCID-fut7-bb1f-37g7
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-jp1p-rfxa-hyd9
26
vulnerability VCID-jq5y-7h9g-mufa
27
vulnerability VCID-k5t3-28es-h3ez
28
vulnerability VCID-khpm-e1xb-hydb
29
vulnerability VCID-n1gz-y615-cbbk
30
vulnerability VCID-nney-azbc-pucg
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-pmvp-twk2-jqe4
33
vulnerability VCID-qv14-m93d-jyd9
34
vulnerability VCID-qxab-9uwr-yqhv
35
vulnerability VCID-rqrw-t2kj-mud8
36
vulnerability VCID-ru6w-m6q6-27gn
37
vulnerability VCID-sdsa-mh76-kqch
38
vulnerability VCID-tgyt-axv1-c7ag
39
vulnerability VCID-u259-2sxq-tbct
40
vulnerability VCID-vw2r-g8yy-eyf4
41
vulnerability VCID-x5x1-w7yv-eye9
42
vulnerability VCID-xw1s-93bu-wuh9
43
vulnerability VCID-y7ds-p5r2-yuhq
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zeut-9wfp-q7et
46
vulnerability VCID-zkvq-bms4-gfcv
47
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GHSA-6f9m-v7mp-7jjq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66kh-c1dm-8fbf
13
url VCID-6mnf-2fcw-dqgp
vulnerability_id VCID-6mnf-2fcw-dqgp
summary 
Asymmetric Resource Consumption (Amplification)
Requesting invalid or non-existing resources via HTTP, triggers the page error handler which again could retrieve content to be shown as error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21359
reference_id
reference_type
scores
0
value 0.00589
scoring_system epss
scoring_elements 0.69527
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21359
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21359.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21359.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21359.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21359.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4p9g-qgx9-397p
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-005
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-005
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21359
reference_id CVE-2021-21359
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:F/RL:O/RC:C
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21359
fixed_packages
0
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
1
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
2
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21359, GHSA-4p9g-qgx9-397p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6mnf-2fcw-dqgp
14
url VCID-7ch1-q9f4-a7bt
vulnerability_id VCID-7ch1-q9f4-a7bt
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-target property of scrollspy.
references
0
reference_url http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
1
reference_url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
2
reference_url https://access.redhat.com/errata/RHSA-2019:1456
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://access.redhat.com/errata/RHSA-2019:1456
3
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json
4
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14041
reference_id
reference_type
scores
0
value 0.07723
scoring_system epss
scoring_elements 0.92076
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14041
5
reference_url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements
1
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2
6
reference_url http://seclists.org/fulldisclosure/2019/May/10
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/May/10
7
reference_url http://seclists.org/fulldisclosure/2019/May/11
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/May/11
8
reference_url http://seclists.org/fulldisclosure/2019/May/13
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/May/13
9
reference_url https://github.com/twbs/bootstrap
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap
10
reference_url https://github.com/twbs/bootstrap/issues/26423
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/26423
11
reference_url https://github.com/twbs/bootstrap/issues/26627
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/issues/26627
12
reference_url https://github.com/twbs/bootstrap/pull/26630
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/twbs/bootstrap/pull/26630
13
reference_url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E
18
reference_url https://seclists.org/bugtraq/2019/May/18
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/18
19
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-006
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-006
20
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
21
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1601616
reference_id 1601616
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1601616
22
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-14041
reference_id CVE-2018-14041
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-14041
23
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml
reference_id CVE-2018-14041.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml
24
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml
reference_id CVE-2018-14041.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml
25
reference_url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml
reference_id CVE-2018-14041.YML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml
26
reference_url https://github.com/advisories/GHSA-pj7m-g53m-7638
reference_id GHSA-pj7m-g53m-7638
reference_type
scores
url https://github.com/advisories/GHSA-pj7m-g53m-7638
27
reference_url https://access.redhat.com/errata/RHSA-2023:0552
reference_id RHSA-2023:0552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0552
28
reference_url https://access.redhat.com/errata/RHSA-2023:0553
reference_id RHSA-2023:0553
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0553
29
reference_url https://access.redhat.com/errata/RHSA-2023:0554
reference_id RHSA-2023:0554
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0554
30
reference_url https://access.redhat.com/errata/RHSA-2023:0556
reference_id RHSA-2023:0556
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0556
31
reference_url https://access.redhat.com/errata/RHSA-2023:5693
reference_id RHSA-2023:5693
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5693
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases CVE-2018-14041, GHSA-pj7m-g53m-7638
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ch1-q9f4-a7bt
15
url VCID-7m6u-k5tp-gkhy
vulnerability_id VCID-7m6u-k5tp-gkhy
summary Insecure Deserialization in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-020/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-020/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-189
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7m6u-k5tp-gkhy
16
url VCID-7xv1-78u7-xufp
vulnerability_id VCID-7xv1-78u7-xufp
summary 
Deserialization of Untrusted Data
Possible deserialization side-effects in `symfony/cache`.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-016/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-016/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-190
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7xv1-78u7-xufp
17
url VCID-848u-w88s-5bbe
vulnerability_id VCID-848u-w88s-5bbe
summary 
Unrestricted Upload of File with Dangerous Type
Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Additionally, `_UploadedFileReferenceConverter_` transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, `_UploadedFileReferenceConverter_` accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location `_/fileadmin/user_upload/_`, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21355
reference_id
reference_type
scores
0
value 0.00416
scoring_system epss
scoring_elements 0.62059
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21355
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml
3
reference_url https://packagist.org/packages/typo3/cms-form
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-form
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-002
reference_id
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-002
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21355
reference_id CVE-2021-21355
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21355
6
reference_url https://github.com/advisories/GHSA-2r6j-862c-m2v2
reference_id GHSA-2r6j-862c-m2v2
reference_type
scores
url https://github.com/advisories/GHSA-2r6j-862c-m2v2
7
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2
reference_id GHSA-2r6j-862c-m2v2
reference_type
scores
0
value 8.6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2
fixed_packages
0
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
1
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
2
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21355, GHSA-2r6j-862c-m2v2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-848u-w88s-5bbe
18
url VCID-8w4e-d49b-nbg8
vulnerability_id VCID-8w4e-d49b-nbg8
summary 
Cross-Site Request Forgery (CSRF)
In TYPO3 CMS, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victims' user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS). Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g., file upload in a contact form with knowing the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11069
reference_id
reference_type
scores
0
value 0.00398
scoring_system epss
scoring_elements 0.60932
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11069
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11069.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11069.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11069.yaml
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11069.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-pqg8-crx9-g8m4
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-006
reference_id
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-006
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11069
reference_id CVE-2020-11069
reference_type
scores
0
value 8.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11069
fixed_packages
0
url pkg:composer/typo3/cms@9.5.17
purl pkg:composer/typo3/cms@9.5.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-ev4k-5k1d-2bhu
6
vulnerability VCID-fqkx-v8t5-q3h6
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-tgyt-axv1-c7ag
9
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.17
1
url pkg:composer/typo3/cms@10.4.2
purl pkg:composer/typo3/cms@10.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-c46m-ht19-ybc4
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-tgyt-axv1-c7ag
12
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.2
aliases CVE-2020-11069, GHSA-pqg8-crx9-g8m4
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8w4e-d49b-nbg8
19
url VCID-94r9-hh4g-jkej
vulnerability_id VCID-94r9-hh4g-jkej
summary 
TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized.

However, since sensitive information could have been leaked by accident (e.g. in repositories or in commonly known and unprotected backup files), there is the possibility that attackers know the private encryptionKey and are able to calculate the required HMAC-SHA1 to allow a malicious payload to be deserialized.

Requirements for successfully exploiting this vulnerability (all of the following):

- rendering at least one Extbase plugin in the frontend
- encryptionKey has been leaked (from LocalConfiguration.php or corresponding .env file)
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-7.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-7.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/57e4ed35a6e58521a931855e702b2688b3bc3d62
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/57e4ed35a6e58521a931855e702b2688b3bc3d62
3
reference_url https://github.com/TYPO3/typo3/commit/b1626ad8fd4aebedc15e424a76f86094d78b2564
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/b1626ad8fd4aebedc15e424a76f86094d78b2564
4
reference_url https://typo3.org/security/advisory/typo3-psa-2019-011
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-psa-2019-011
5
reference_url https://github.com/advisories/GHSA-hh95-5xm5-v8v7
reference_id GHSA-hh95-5xm5-v8v7
reference_type
scores
url https://github.com/advisories/GHSA-hh95-5xm5-v8v7
fixed_packages
0
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-bcbd-zzet-mff6
8
vulnerability VCID-e6zr-4bgg-kkh5
9
vulnerability VCID-ev4k-5k1d-2bhu
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-jp1p-rfxa-hyd9
12
vulnerability VCID-n1gz-y615-cbbk
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
aliases GHSA-hh95-5xm5-v8v7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-94r9-hh4g-jkej
20
url VCID-953t-q1cr-zyd6
vulnerability_id VCID-953t-q1cr-zyd6
summary 
Cross-site Scripting
Cross-Site Scripting in Backend Modal Component.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-98
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-953t-q1cr-zyd6
21
url VCID-9adx-p876-kyb5
vulnerability_id VCID-9adx-p876-kyb5
summary Information Disclosure in User Authentication.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-010/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-010/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases GMS-2019-184
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9adx-p876-kyb5
22
url VCID-9yu1-z7c2-t3fj
vulnerability_id VCID-9yu1-z7c2-t3fj
summary 
TYPO3 Cross-Site Scripting in Form Framework
Failing to properly encode user input, frontend forms handled by the form framework (system extension “form”) are vulnerable to cross-site scripting.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-6.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-6.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/79528f75e23c2832db321f36d777c1427553f764
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/79528f75e23c2832db321f36d777c1427553f764
3
reference_url https://github.com/TYPO3/typo3/commit/a0c4348188559596f292ea03983171bde29d9870
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a0c4348188559596f292ea03983171bde29d9870
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-007
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-007
5
reference_url https://github.com/advisories/GHSA-4h5c-5g25-v7fh
reference_id GHSA-4h5c-5g25-v7fh
reference_type
scores
url https://github.com/advisories/GHSA-4h5c-5g25-v7fh
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GHSA-4h5c-5g25-v7fh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9yu1-z7c2-t3fj
23
url VCID-a1g9-pyz5-9fca
vulnerability_id VCID-a1g9-pyz5-9fca
summary 
Cross-site Scripting
TYPO3 contains a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (`_Web>View_`) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 contain a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32667
reference_id
reference_type
scores
0
value 0.00415
scoring_system epss
scoring_elements 0.61978
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32667
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32667.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32667.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32667.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32667.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wf
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-8mq9-fqv8-59wf
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-8mq9-fqv8-59wf
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-8mq9-fqv8-59wf
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-009
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-009
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32667
reference_id CVE-2021-32667
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32667
fixed_packages
0
url pkg:composer/typo3/cms@9.5.28
purl pkg:composer/typo3/cms@9.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-j8hk-bqnb-gycp
2
vulnerability VCID-sdjb-gp4t-vbgt
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.28
1
url pkg:composer/typo3/cms@10.4.18
purl pkg:composer/typo3/cms@10.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.18
2
url pkg:composer/typo3/cms@11.3.1
purl pkg:composer/typo3/cms@11.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.1
aliases CVE-2021-32667, GHSA-8mq9-fqv8-59wf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a1g9-pyz5-9fca
24
url VCID-abjx-8v46-d7d8
vulnerability_id VCID-abjx-8v46-d7d8
summary 
Improper Authentication
Authentication Bypass in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-001/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-001/
fixed_packages
0
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ugj-6m1e-e3hr
3
vulnerability VCID-3ye6-vqje-abh4
4
vulnerability VCID-4an7-9ph4-mkd4
5
vulnerability VCID-4eym-e6vt-8fbs
6
vulnerability VCID-4jck-w9ct-budk
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-7xv1-78u7-xufp
11
vulnerability VCID-848u-w88s-5bbe
12
vulnerability VCID-8w4e-d49b-nbg8
13
vulnerability VCID-953t-q1cr-zyd6
14
vulnerability VCID-9adx-p876-kyb5
15
vulnerability VCID-am6s-67bm-77dr
16
vulnerability VCID-bbh5-rss8-bfct
17
vulnerability VCID-cvk2-93hm-gkhx
18
vulnerability VCID-dsqm-9q3e-dudw
19
vulnerability VCID-e6zr-4bgg-kkh5
20
vulnerability VCID-emqq-kwjg-3kfk
21
vulnerability VCID-ev4k-5k1d-2bhu
22
vulnerability VCID-fqkx-v8t5-q3h6
23
vulnerability VCID-fut7-bb1f-37g7
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-jp1p-rfxa-hyd9
26
vulnerability VCID-jq5y-7h9g-mufa
27
vulnerability VCID-k5t3-28es-h3ez
28
vulnerability VCID-khpm-e1xb-hydb
29
vulnerability VCID-n1gz-y615-cbbk
30
vulnerability VCID-nney-azbc-pucg
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-pmvp-twk2-jqe4
33
vulnerability VCID-qv14-m93d-jyd9
34
vulnerability VCID-qxab-9uwr-yqhv
35
vulnerability VCID-rqrw-t2kj-mud8
36
vulnerability VCID-ru6w-m6q6-27gn
37
vulnerability VCID-sdsa-mh76-kqch
38
vulnerability VCID-tgyt-axv1-c7ag
39
vulnerability VCID-u259-2sxq-tbct
40
vulnerability VCID-vw2r-g8yy-eyf4
41
vulnerability VCID-x5x1-w7yv-eye9
42
vulnerability VCID-xw1s-93bu-wuh9
43
vulnerability VCID-y7ds-p5r2-yuhq
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zeut-9wfp-q7et
46
vulnerability VCID-zkvq-bms4-gfcv
47
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GMS-2018-93
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-abjx-8v46-d7d8
25
url VCID-am6s-67bm-77dr
vulnerability_id VCID-am6s-67bm-77dr
summary 
Cross-site Scripting
Cross-Site Scripting in Bootstrap CSS toolkit.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-006/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-006/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-176
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-am6s-67bm-77dr
26
url VCID-bbh5-rss8-bfct
vulnerability_id VCID-bbh5-rss8-bfct
summary 
Deserialization of Untrusted Data
It has been discovered that backend user settings (in `$BE_USER->uc`) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11067
reference_id
reference_type
scores
0
value 0.01181
scoring_system epss
scoring_elements 0.79096
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11067
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11067.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11067.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11067.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11067.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2wj9-434x-9hvp
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-005
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-005
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11067
reference_id CVE-2020-11067
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11067
fixed_packages
0
url pkg:composer/typo3/cms@9.5.17
purl pkg:composer/typo3/cms@9.5.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-ev4k-5k1d-2bhu
6
vulnerability VCID-fqkx-v8t5-q3h6
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-tgyt-axv1-c7ag
9
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.17
1
url pkg:composer/typo3/cms@10.4.2
purl pkg:composer/typo3/cms@10.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-c46m-ht19-ybc4
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-tgyt-axv1-c7ag
12
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.2
aliases CVE-2020-11067, GHSA-2wj9-434x-9hvp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bbh5-rss8-bfct
27
url VCID-buj5-2t53-3kcr
vulnerability_id VCID-buj5-2t53-3kcr
summary 
TYPO3 Information Disclosure of Installed Extensions
It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party extensions.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-1.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/889ed77d2905d8b17afd31c723a23240c978823f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/889ed77d2905d8b17afd31c723a23240c978823f
3
reference_url https://github.com/TYPO3/typo3/commit/c81cca9e419e7aaed551b9b9a8d012ba7bffb287
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c81cca9e419e7aaed551b9b9a8d012ba7bffb287
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-001
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-001
5
reference_url https://github.com/advisories/GHSA-f624-8hfq-5fh3
reference_id GHSA-f624-8hfq-5fh3
reference_type
scores
url https://github.com/advisories/GHSA-f624-8hfq-5fh3
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GHSA-f624-8hfq-5fh3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-buj5-2t53-3kcr
28
url VCID-cvk2-93hm-gkhx
vulnerability_id VCID-cvk2-93hm-gkhx
summary 
Improper Access Control
Broken Access Control in Import Module.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-017/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-017/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-191
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cvk2-93hm-gkhx
29
url VCID-dsqm-9q3e-dudw
vulnerability_id VCID-dsqm-9q3e-dudw
summary 
Uncontrolled Resource Consumption
Denial of Service in Online Media Asset Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-102
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dsqm-9q3e-dudw
30
url VCID-e6zr-4bgg-kkh5
vulnerability_id VCID-e6zr-4bgg-kkh5
summary 
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Calling `unserialize()` on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the website (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11066
reference_id
reference_type
scores
0
value 0.00528
scoring_system epss
scoring_elements 0.67492
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11066
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11066.yaml
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11066.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11066.yaml
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11066.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-004
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-004
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11066
reference_id CVE-2020-11066
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11066
fixed_packages
0
url pkg:composer/typo3/cms@9.5.17
purl pkg:composer/typo3/cms@9.5.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-ev4k-5k1d-2bhu
6
vulnerability VCID-fqkx-v8t5-q3h6
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-tgyt-axv1-c7ag
9
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.17
1
url pkg:composer/typo3/cms@10.4.2
purl pkg:composer/typo3/cms@10.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-c46m-ht19-ybc4
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-tgyt-axv1-c7ag
12
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.2
aliases CVE-2020-11066, GHSA-2rxh-h6h9-qrqc
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e6zr-4bgg-kkh5
31
url VCID-emqq-kwjg-3kfk
vulnerability_id VCID-emqq-kwjg-3kfk
summary 
Cross-site Scripting
Cross-Site Scripting in CKEditor.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-005/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-005/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-104
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emqq-kwjg-3kfk
32
url VCID-ev4k-5k1d-2bhu
vulnerability_id VCID-ev4k-5k1d-2bhu
summary 
URL Redirection to Untrusted Site (Open Redirect)
Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48774
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-001
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
reference_id CVE-2021-21338
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
fixed_packages
0
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
1
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
2
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21338, GHSA-4jhw-2p6j-5wmp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ev4k-5k1d-2bhu
33
url VCID-f319-jpf5-hyex
vulnerability_id VCID-f319-jpf5-hyex
summary 
Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfig_includes is vulnerable to directory traversal leading to same scenarios as having direct access to TSconfig settings.

A valid backend user account having access to modify values for fields pages.TSconfig and pages.tsconfig_includes is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-06-25-4.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-06-25-4.yaml
1
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-019
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-019
2
reference_url https://github.com/advisories/GHSA-hww5-6x85-mc24
reference_id GHSA-hww5-6x85-mc24
reference_type
scores
url https://github.com/advisories/GHSA-hww5-6x85-mc24
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GHSA-hww5-6x85-mc24
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f319-jpf5-hyex
34
url VCID-f4n7-q72x-3yea
vulnerability_id VCID-f4n7-q72x-3yea
summary 
Typo3 Broken Access Control in Import Module
It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which usually only is available to admin users or users having User TSconfig setting options.impexp.enableImportForNonAdminUser explicitly enabled.

Database content to be imported however was correctly checked against users’ permissions and not affected. However it was possible to upload files by-passing restrictions of the file abstraction layer (FAL) - however this did not affect executable files which have been correctly secured by fileDenyPattern.

Currently the only known vulnerability is to directly inject *.form.yaml files which could be used to trigger the vulnerability of TYPO3-CORE-SA-2018-003 (privilege escalation & SQL injection) - which requires the Form Framework (ext:form) being available on an according website. CVSSv3 scoring is based on this scenario.

A valid backend user account is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-06-25-7.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-06-25-7.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-017
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-017
3
reference_url https://github.com/advisories/GHSA-f5rr-9r84-wwqf
reference_id GHSA-f5rr-9r84-wwqf
reference_type
scores
url https://github.com/advisories/GHSA-f5rr-9r84-wwqf
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GHSA-f5rr-9r84-wwqf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f4n7-q72x-3yea
35
url VCID-fpa2-ffg1-fyaa
vulnerability_id VCID-fpa2-ffg1-fyaa
summary 
Insecure Deserialization in TYPO3 CMS
It has been discovered that the Form Framework (system extension "form") is vulnerable to Insecure Deserialization when being used with the additional PHP PECL package “yaml”, which is capable of unserializing YAML contents to PHP objects. A valid backend user account as well as having PHP setting "yaml.decode_php" enabled is needed to exploit this vulnerability (which is the default value according to PHP documentation).
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-4.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-4.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-004
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-004
3
reference_url https://github.com/advisories/GHSA-8h28-f46f-m87h
reference_id GHSA-8h28-f46f-m87h
reference_type
scores
url https://github.com/advisories/GHSA-8h28-f46f-m87h
fixed_packages
0
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ugj-6m1e-e3hr
3
vulnerability VCID-3ye6-vqje-abh4
4
vulnerability VCID-4an7-9ph4-mkd4
5
vulnerability VCID-4eym-e6vt-8fbs
6
vulnerability VCID-4jck-w9ct-budk
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-7xv1-78u7-xufp
11
vulnerability VCID-848u-w88s-5bbe
12
vulnerability VCID-8w4e-d49b-nbg8
13
vulnerability VCID-953t-q1cr-zyd6
14
vulnerability VCID-9adx-p876-kyb5
15
vulnerability VCID-am6s-67bm-77dr
16
vulnerability VCID-bbh5-rss8-bfct
17
vulnerability VCID-cvk2-93hm-gkhx
18
vulnerability VCID-dsqm-9q3e-dudw
19
vulnerability VCID-e6zr-4bgg-kkh5
20
vulnerability VCID-emqq-kwjg-3kfk
21
vulnerability VCID-ev4k-5k1d-2bhu
22
vulnerability VCID-fqkx-v8t5-q3h6
23
vulnerability VCID-fut7-bb1f-37g7
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-jp1p-rfxa-hyd9
26
vulnerability VCID-jq5y-7h9g-mufa
27
vulnerability VCID-k5t3-28es-h3ez
28
vulnerability VCID-khpm-e1xb-hydb
29
vulnerability VCID-n1gz-y615-cbbk
30
vulnerability VCID-nney-azbc-pucg
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-pmvp-twk2-jqe4
33
vulnerability VCID-qv14-m93d-jyd9
34
vulnerability VCID-qxab-9uwr-yqhv
35
vulnerability VCID-rqrw-t2kj-mud8
36
vulnerability VCID-ru6w-m6q6-27gn
37
vulnerability VCID-sdsa-mh76-kqch
38
vulnerability VCID-tgyt-axv1-c7ag
39
vulnerability VCID-u259-2sxq-tbct
40
vulnerability VCID-vw2r-g8yy-eyf4
41
vulnerability VCID-x5x1-w7yv-eye9
42
vulnerability VCID-xw1s-93bu-wuh9
43
vulnerability VCID-y7ds-p5r2-yuhq
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zeut-9wfp-q7et
46
vulnerability VCID-zkvq-bms4-gfcv
47
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GHSA-8h28-f46f-m87h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fpa2-ffg1-fyaa
36
url VCID-fqkc-utex-3kav
vulnerability_id VCID-fqkc-utex-3kav
summary 
Typo3 Security Misconfiguration in User Session Handling
When users change their password existing sessions for that particular user account are not revoked. A valid backend or frontend user account is required in order to make use of this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-05-07-2.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-05-07-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-011
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-011
3
reference_url https://github.com/advisories/GHSA-g9rv-6g56-65h8
reference_id GHSA-g9rv-6g56-65h8
reference_type
scores
url https://github.com/advisories/GHSA-g9rv-6g56-65h8
fixed_packages
0
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases GHSA-g9rv-6g56-65h8
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkc-utex-3kav
37
url VCID-fqkx-v8t5-q3h6
vulnerability_id VCID-fqkx-v8t5-q3h6
summary 
Cleartext Storage of Sensitive Information
User session identifiers are stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - for example SQL injection in any other component of the system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32224
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-006
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
reference_id CVE-2021-21339
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
fixed_packages
0
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
1
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
2
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21339, GHSA-qx3w-4864-94ch
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkx-v8t5-q3h6
38
url VCID-fut7-bb1f-37g7
vulnerability_id VCID-fut7-bb1f-37g7
summary 
Cross-site Scripting
Cross-Site Scripting in Link Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-015/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-015/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-186
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fut7-bb1f-37g7
39
url VCID-gpv4-4tpd-tbaa
vulnerability_id VCID-gpv4-4tpd-tbaa
summary 
TYPO3 Cross-Site Scripting in Frontend User Login
Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile.

Template patterns that are affected are

- ###FEUSER_[fieldName]### using system extension felogin
- <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken)
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-3.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-3.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/1c85fe70269e2ff8ecf0b6d5f16550c6cd0ddc78
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/1c85fe70269e2ff8ecf0b6d5f16550c6cd0ddc78
3
reference_url https://github.com/TYPO3/typo3/commit/373bec5d7d415f0764ebbadc7970610dc26da068
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/373bec5d7d415f0764ebbadc7970610dc26da068
4
reference_url https://github.com/TYPO3/typo3/commit/e4143195e1451630f058a58ab62d92135948a927
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/e4143195e1451630f058a58ab62d92135948a927
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-008
6
reference_url https://github.com/advisories/GHSA-2rcw-9hrm-8q7q
reference_id GHSA-2rcw-9hrm-8q7q
reference_type
scores
url https://github.com/advisories/GHSA-2rcw-9hrm-8q7q
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-2rcw-9hrm-8q7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gpv4-4tpd-tbaa
40
url VCID-hknp-f88a-kqec
vulnerability_id VCID-hknp-f88a-kqec
summary 
Privilege Escalation & SQL Injection in TYPO3 CMS
Failing to properly dissociate system related configuration from user generated configuration, the Form Framework (system extension "form") is vulnerable to SQL injection and Privilege Escalation. Basically instructions can be persisted to a form definition file that were not configured to be modified - this applies to definitions managed using the form editor module as well as direct file upload using the regular file list module. A valid backend user account as well as having system extension form activated are needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-3.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-3.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-003
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-003
3
reference_url https://github.com/advisories/GHSA-7qwg-fcpw-xg5g
reference_id GHSA-7qwg-fcpw-xg5g
reference_type
scores
url https://github.com/advisories/GHSA-7qwg-fcpw-xg5g
fixed_packages
0
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ugj-6m1e-e3hr
3
vulnerability VCID-3ye6-vqje-abh4
4
vulnerability VCID-4an7-9ph4-mkd4
5
vulnerability VCID-4eym-e6vt-8fbs
6
vulnerability VCID-4jck-w9ct-budk
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-7xv1-78u7-xufp
11
vulnerability VCID-848u-w88s-5bbe
12
vulnerability VCID-8w4e-d49b-nbg8
13
vulnerability VCID-953t-q1cr-zyd6
14
vulnerability VCID-9adx-p876-kyb5
15
vulnerability VCID-am6s-67bm-77dr
16
vulnerability VCID-bbh5-rss8-bfct
17
vulnerability VCID-cvk2-93hm-gkhx
18
vulnerability VCID-dsqm-9q3e-dudw
19
vulnerability VCID-e6zr-4bgg-kkh5
20
vulnerability VCID-emqq-kwjg-3kfk
21
vulnerability VCID-ev4k-5k1d-2bhu
22
vulnerability VCID-fqkx-v8t5-q3h6
23
vulnerability VCID-fut7-bb1f-37g7
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-jp1p-rfxa-hyd9
26
vulnerability VCID-jq5y-7h9g-mufa
27
vulnerability VCID-k5t3-28es-h3ez
28
vulnerability VCID-khpm-e1xb-hydb
29
vulnerability VCID-n1gz-y615-cbbk
30
vulnerability VCID-nney-azbc-pucg
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-pmvp-twk2-jqe4
33
vulnerability VCID-qv14-m93d-jyd9
34
vulnerability VCID-qxab-9uwr-yqhv
35
vulnerability VCID-rqrw-t2kj-mud8
36
vulnerability VCID-ru6w-m6q6-27gn
37
vulnerability VCID-sdsa-mh76-kqch
38
vulnerability VCID-tgyt-axv1-c7ag
39
vulnerability VCID-u259-2sxq-tbct
40
vulnerability VCID-vw2r-g8yy-eyf4
41
vulnerability VCID-x5x1-w7yv-eye9
42
vulnerability VCID-xw1s-93bu-wuh9
43
vulnerability VCID-y7ds-p5r2-yuhq
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zeut-9wfp-q7et
46
vulnerability VCID-zkvq-bms4-gfcv
47
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GHSA-7qwg-fcpw-xg5g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hknp-f88a-kqec
41
url VCID-hp99-ncuh-6ugv
vulnerability_id VCID-hp99-ncuh-6ugv
summary 
Cross-site Scripting
Cross-Site Scripting in Frontend User Login.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-99
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hp99-ncuh-6ugv
42
url VCID-j8hk-bqnb-gycp
vulnerability_id VCID-j8hk-bqnb-gycp
summary 
Cross-site Scripting
TYPO3 contains a cross-site scripting vulnerability. When error messages are not properly encoded, the components `_QueryGenerator_` and `_QueryView_` are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 contain a patch for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32668
reference_id
reference_type
scores
0
value 0.00364
scoring_system epss
scoring_elements 0.58727
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32668
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32668.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32668.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32668.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32668.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-6mh3-j5r5-2379
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-6mh3-j5r5-2379
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-6mh3-j5r5-2379
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-010
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-010
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32668
reference_id CVE-2021-32668
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32668
fixed_packages
0
url pkg:composer/typo3/cms@9.5.28
purl pkg:composer/typo3/cms@9.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-j8hk-bqnb-gycp
2
vulnerability VCID-sdjb-gp4t-vbgt
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.28
1
url pkg:composer/typo3/cms@10.4.18
purl pkg:composer/typo3/cms@10.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.18
2
url pkg:composer/typo3/cms@11.3.1
purl pkg:composer/typo3/cms@11.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.1
aliases CVE-2021-32668, GHSA-6mh3-j5r5-2379
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j8hk-bqnb-gycp
43
url VCID-je4q-svfw-hqda
vulnerability_id VCID-je4q-svfw-hqda
summary Insecure Deserialization in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-004/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-004/
fixed_packages
0
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ugj-6m1e-e3hr
3
vulnerability VCID-3ye6-vqje-abh4
4
vulnerability VCID-4an7-9ph4-mkd4
5
vulnerability VCID-4eym-e6vt-8fbs
6
vulnerability VCID-4jck-w9ct-budk
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-7xv1-78u7-xufp
11
vulnerability VCID-848u-w88s-5bbe
12
vulnerability VCID-8w4e-d49b-nbg8
13
vulnerability VCID-953t-q1cr-zyd6
14
vulnerability VCID-9adx-p876-kyb5
15
vulnerability VCID-am6s-67bm-77dr
16
vulnerability VCID-bbh5-rss8-bfct
17
vulnerability VCID-cvk2-93hm-gkhx
18
vulnerability VCID-dsqm-9q3e-dudw
19
vulnerability VCID-e6zr-4bgg-kkh5
20
vulnerability VCID-emqq-kwjg-3kfk
21
vulnerability VCID-ev4k-5k1d-2bhu
22
vulnerability VCID-fqkx-v8t5-q3h6
23
vulnerability VCID-fut7-bb1f-37g7
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-jp1p-rfxa-hyd9
26
vulnerability VCID-jq5y-7h9g-mufa
27
vulnerability VCID-k5t3-28es-h3ez
28
vulnerability VCID-khpm-e1xb-hydb
29
vulnerability VCID-n1gz-y615-cbbk
30
vulnerability VCID-nney-azbc-pucg
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-pmvp-twk2-jqe4
33
vulnerability VCID-qv14-m93d-jyd9
34
vulnerability VCID-qxab-9uwr-yqhv
35
vulnerability VCID-rqrw-t2kj-mud8
36
vulnerability VCID-ru6w-m6q6-27gn
37
vulnerability VCID-sdsa-mh76-kqch
38
vulnerability VCID-tgyt-axv1-c7ag
39
vulnerability VCID-u259-2sxq-tbct
40
vulnerability VCID-vw2r-g8yy-eyf4
41
vulnerability VCID-x5x1-w7yv-eye9
42
vulnerability VCID-xw1s-93bu-wuh9
43
vulnerability VCID-y7ds-p5r2-yuhq
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zeut-9wfp-q7et
46
vulnerability VCID-zkvq-bms4-gfcv
47
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GMS-2018-96
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-je4q-svfw-hqda
44
url VCID-jp1p-rfxa-hyd9
vulnerability_id VCID-jp1p-rfxa-hyd9
summary 
Cross-site Scripting
Content elements of type `_menu_` are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.57112
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
3
reference_url https://packagist.org/packages/typo3/cms-backend
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-backend
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-008
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
reference_id CVE-2021-21370
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
6
reference_url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
reference_id GHSA-x7hc-x7fm-f7qh
reference_type
scores
url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
7
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
reference_id GHSA-x7hc-x7fm-f7qh
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
fixed_packages
0
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
1
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
2
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21370, GHSA-x7hc-x7fm-f7qh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jp1p-rfxa-hyd9
45
url VCID-jq5y-7h9g-mufa
vulnerability_id VCID-jq5y-7h9g-mufa
summary Information Disclosure in Install Tool.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-101
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jq5y-7h9g-mufa
46
url VCID-jwb1-3sbg-kfa5
vulnerability_id VCID-jwb1-3sbg-kfa5
summary 
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (*`.youtube` and *`.vimeo` files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509
3
reference_url https://github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b
4
reference_url https://github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-011
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-011
6
reference_url https://github.com/advisories/GHSA-f3wf-q4fj-3gxf
reference_id GHSA-f3wf-q4fj-3gxf
reference_type
scores
url https://github.com/advisories/GHSA-f3wf-q4fj-3gxf
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-f3wf-q4fj-3gxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwb1-3sbg-kfa5
47
url VCID-k5t3-28es-h3ez
vulnerability_id VCID-k5t3-28es-h3ez
summary 
Improper Input Validation
TYPO3 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by `ImageMagick` or `GraphicsMagick`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-11832
reference_id
reference_type
scores
0
value 0.00898
scoring_system epss
scoring_elements 0.76028
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-11832
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml
3
reference_url https://github.com/github/advisory-database/pull/3530
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/3530
4
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
5
reference_url https://github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79
6
reference_url https://github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e
7
reference_url https://github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-012
9
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-012/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-012/
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-11832
reference_id CVE-2019-11832
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-11832
fixed_packages
0
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases CVE-2019-11832, GHSA-3w4h-r27h-4r2w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k5t3-28es-h3ez
48
url VCID-khpm-e1xb-hydb
vulnerability_id VCID-khpm-e1xb-hydb
summary Information Disclosure of Installed Extensions.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-001/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-001/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-172
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-khpm-e1xb-hydb
49
url VCID-n1gz-y615-cbbk
vulnerability_id VCID-n1gz-y615-cbbk
summary 
Cross-site Scripting
It has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-11064
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.42771
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-11064
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11064.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-11064.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11064.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-11064.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-43gj-mj2w-wh46
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-002
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-002
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-11064
reference_id CVE-2020-11064
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-11064
fixed_packages
0
url pkg:composer/typo3/cms@9.5.17
purl pkg:composer/typo3/cms@9.5.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-ev4k-5k1d-2bhu
6
vulnerability VCID-fqkx-v8t5-q3h6
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-tgyt-axv1-c7ag
9
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.17
1
url pkg:composer/typo3/cms@10.4.2
purl pkg:composer/typo3/cms@10.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-c46m-ht19-ybc4
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-tgyt-axv1-c7ag
12
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.2
aliases CVE-2020-11064, GHSA-43gj-mj2w-wh46
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n1gz-y615-cbbk
50
url VCID-njsj-bwjq-fyap
vulnerability_id VCID-njsj-bwjq-fyap
summary Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-002/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-002/
fixed_packages
0
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ugj-6m1e-e3hr
3
vulnerability VCID-3ye6-vqje-abh4
4
vulnerability VCID-4an7-9ph4-mkd4
5
vulnerability VCID-4eym-e6vt-8fbs
6
vulnerability VCID-4jck-w9ct-budk
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-7xv1-78u7-xufp
11
vulnerability VCID-848u-w88s-5bbe
12
vulnerability VCID-8w4e-d49b-nbg8
13
vulnerability VCID-953t-q1cr-zyd6
14
vulnerability VCID-9adx-p876-kyb5
15
vulnerability VCID-am6s-67bm-77dr
16
vulnerability VCID-bbh5-rss8-bfct
17
vulnerability VCID-cvk2-93hm-gkhx
18
vulnerability VCID-dsqm-9q3e-dudw
19
vulnerability VCID-e6zr-4bgg-kkh5
20
vulnerability VCID-emqq-kwjg-3kfk
21
vulnerability VCID-ev4k-5k1d-2bhu
22
vulnerability VCID-fqkx-v8t5-q3h6
23
vulnerability VCID-fut7-bb1f-37g7
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-jp1p-rfxa-hyd9
26
vulnerability VCID-jq5y-7h9g-mufa
27
vulnerability VCID-k5t3-28es-h3ez
28
vulnerability VCID-khpm-e1xb-hydb
29
vulnerability VCID-n1gz-y615-cbbk
30
vulnerability VCID-nney-azbc-pucg
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-pmvp-twk2-jqe4
33
vulnerability VCID-qv14-m93d-jyd9
34
vulnerability VCID-qxab-9uwr-yqhv
35
vulnerability VCID-rqrw-t2kj-mud8
36
vulnerability VCID-ru6w-m6q6-27gn
37
vulnerability VCID-sdsa-mh76-kqch
38
vulnerability VCID-tgyt-axv1-c7ag
39
vulnerability VCID-u259-2sxq-tbct
40
vulnerability VCID-vw2r-g8yy-eyf4
41
vulnerability VCID-x5x1-w7yv-eye9
42
vulnerability VCID-xw1s-93bu-wuh9
43
vulnerability VCID-y7ds-p5r2-yuhq
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zeut-9wfp-q7et
46
vulnerability VCID-zkvq-bms4-gfcv
47
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GMS-2018-94
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njsj-bwjq-fyap
51
url VCID-nney-azbc-pucg
vulnerability_id VCID-nney-azbc-pucg
summary Information Disclosure in Backend User Interface.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-014/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-014/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-185
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nney-azbc-pucg
52
url VCID-p576-w7dd-p3h7
vulnerability_id VCID-p576-w7dd-p3h7
summary 
TYPO3 Security Misconfiguration in Install Tool Cookie
It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-4.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-4.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/13328b0f74ac589a20b021db814dfa672581c26a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/13328b0f74ac589a20b021db814dfa672581c26a
3
reference_url https://github.com/TYPO3/typo3/commit/918e50e4d20d88c7e40ad3bb134267d07706b0b1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/918e50e4d20d88c7e40ad3bb134267d07706b0b1
4
reference_url https://github.com/TYPO3/typo3/commit/a5359491e3fb3164a6ba96a66c8e67fbb9971a4c
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a5359491e3fb3164a6ba96a66c8e67fbb9971a4c
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-009
6
reference_url https://github.com/advisories/GHSA-f777-f784-36gm
reference_id GHSA-f777-f784-36gm
reference_type
scores
url https://github.com/advisories/GHSA-f777-f784-36gm
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-f777-f784-36gm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p576-w7dd-p3h7
53
url VCID-p7gd-anw2-1qbz
vulnerability_id VCID-p7gd-anw2-1qbz
summary 
Deserialization of Untrusted Data
It has been discovered that the classes `QueryGenerator` and `QueryView` are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension `ext:lowlevel` (Backend Module `DB Check`) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension `ext:sys_action` installed, with a valid backend user who has limited privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19849
reference_id
reference_type
scores
0
value 0.00746
scoring_system epss
scoring_elements 0.7342
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19849
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml
3
reference_url https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-026
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-026
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-026/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-026/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19849
reference_id CVE-2019-19849
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19849
fixed_packages
0
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-bcbd-zzet-mff6
8
vulnerability VCID-e6zr-4bgg-kkh5
9
vulnerability VCID-ev4k-5k1d-2bhu
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-jp1p-rfxa-hyd9
12
vulnerability VCID-n1gz-y615-cbbk
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
1
url pkg:composer/typo3/cms@10.2.1
purl pkg:composer/typo3/cms@10.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-8w4e-d49b-nbg8
8
vulnerability VCID-bbh5-rss8-bfct
9
vulnerability VCID-bcbd-zzet-mff6
10
vulnerability VCID-c46m-ht19-ybc4
11
vulnerability VCID-e6zr-4bgg-kkh5
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fqkx-v8t5-q3h6
14
vulnerability VCID-jp1p-rfxa-hyd9
15
vulnerability VCID-n1gz-y615-cbbk
16
vulnerability VCID-r3az-g422-gqf9
17
vulnerability VCID-tgyt-axv1-c7ag
18
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.1
2
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-8w4e-d49b-nbg8
8
vulnerability VCID-bbh5-rss8-bfct
9
vulnerability VCID-bcbd-zzet-mff6
10
vulnerability VCID-c46m-ht19-ybc4
11
vulnerability VCID-e6zr-4bgg-kkh5
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fqkx-v8t5-q3h6
14
vulnerability VCID-jp1p-rfxa-hyd9
15
vulnerability VCID-n1gz-y615-cbbk
16
vulnerability VCID-r3az-g422-gqf9
17
vulnerability VCID-tgyt-axv1-c7ag
18
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19849, GHSA-rcgc-4xfc-564v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p7gd-anw2-1qbz
54
url VCID-pmvp-twk2-jqe4
vulnerability_id VCID-pmvp-twk2-jqe4
summary Security Misconfiguration for Backend User Accounts.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-002/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-002/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-173
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pmvp-twk2-jqe4
55
url VCID-q2t1-kx56-s3c3
vulnerability_id VCID-q2t1-kx56-s3c3
summary 
Typo3 Information Disclosure in User Authentication
It has been discovered that login failures have been logged on the default stream with log level "warning" including plain-text user credentials.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-05-07-5.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-05-07-5.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-010
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-010
3
reference_url https://github.com/advisories/GHSA-m96r-7vqm-j95g
reference_id GHSA-m96r-7vqm-j95g
reference_type
scores
url https://github.com/advisories/GHSA-m96r-7vqm-j95g
fixed_packages
0
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases GHSA-m96r-7vqm-j95g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q2t1-kx56-s3c3
56
url VCID-q7vt-19eb-sqeq
vulnerability_id VCID-q7vt-19eb-sqeq
summary 
Typo3 Information Disclosure in Backend User Interface
The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-06-25-1.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-06-25-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-014
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-014
3
reference_url https://github.com/advisories/GHSA-q9c4-9v5m-597p
reference_id GHSA-q9c4-9v5m-597p
reference_type
scores
url https://github.com/advisories/GHSA-q9c4-9v5m-597p
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GHSA-q9c4-9v5m-597p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q7vt-19eb-sqeq
57
url VCID-qcnh-z4zh-myaw
vulnerability_id VCID-qcnh-z4zh-myaw
summary 
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
Phar files (formerly known as "PHP archives") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as "bundle.txt" would be. This way, Phar files can be obfuscated as image or text file which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to a missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well, however no functional exploit has been identified so far.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-2.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-2.yaml
1
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-002
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-002
2
reference_url https://github.com/advisories/GHSA-ppgf-8745-8pgx
reference_id GHSA-ppgf-8745-8pgx
reference_type
scores
url https://github.com/advisories/GHSA-ppgf-8745-8pgx
fixed_packages
0
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ugj-6m1e-e3hr
3
vulnerability VCID-3ye6-vqje-abh4
4
vulnerability VCID-4an7-9ph4-mkd4
5
vulnerability VCID-4eym-e6vt-8fbs
6
vulnerability VCID-4jck-w9ct-budk
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-7xv1-78u7-xufp
11
vulnerability VCID-848u-w88s-5bbe
12
vulnerability VCID-8w4e-d49b-nbg8
13
vulnerability VCID-953t-q1cr-zyd6
14
vulnerability VCID-9adx-p876-kyb5
15
vulnerability VCID-am6s-67bm-77dr
16
vulnerability VCID-bbh5-rss8-bfct
17
vulnerability VCID-cvk2-93hm-gkhx
18
vulnerability VCID-dsqm-9q3e-dudw
19
vulnerability VCID-e6zr-4bgg-kkh5
20
vulnerability VCID-emqq-kwjg-3kfk
21
vulnerability VCID-ev4k-5k1d-2bhu
22
vulnerability VCID-fqkx-v8t5-q3h6
23
vulnerability VCID-fut7-bb1f-37g7
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-jp1p-rfxa-hyd9
26
vulnerability VCID-jq5y-7h9g-mufa
27
vulnerability VCID-k5t3-28es-h3ez
28
vulnerability VCID-khpm-e1xb-hydb
29
vulnerability VCID-n1gz-y615-cbbk
30
vulnerability VCID-nney-azbc-pucg
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-pmvp-twk2-jqe4
33
vulnerability VCID-qv14-m93d-jyd9
34
vulnerability VCID-qxab-9uwr-yqhv
35
vulnerability VCID-rqrw-t2kj-mud8
36
vulnerability VCID-ru6w-m6q6-27gn
37
vulnerability VCID-sdsa-mh76-kqch
38
vulnerability VCID-tgyt-axv1-c7ag
39
vulnerability VCID-u259-2sxq-tbct
40
vulnerability VCID-vw2r-g8yy-eyf4
41
vulnerability VCID-x5x1-w7yv-eye9
42
vulnerability VCID-xw1s-93bu-wuh9
43
vulnerability VCID-y7ds-p5r2-yuhq
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zeut-9wfp-q7et
46
vulnerability VCID-zkvq-bms4-gfcv
47
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GHSA-ppgf-8745-8pgx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qcnh-z4zh-myaw
58
url VCID-qdxh-arxx-wbcr
vulnerability_id VCID-qdxh-arxx-wbcr
summary 
TYPO3 Cross-Site Scripting in Filelist Module
It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences.

Access to the file system of the server - either directly or through synchronization - is required to exploit the vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-3.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-3.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/044d7dbe28382919c765b6b815d420f480a1ac70
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/044d7dbe28382919c765b6b815d420f480a1ac70
3
reference_url https://github.com/TYPO3/typo3/commit/96b122b756cc778697845d48210b0993c0724b5f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/96b122b756cc778697845d48210b0993c0724b5f
4
reference_url https://github.com/TYPO3/typo3/commit/fcc1bab07027ba9d8140a91006d3cda1244d6298
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/fcc1bab07027ba9d8140a91006d3cda1244d6298
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-023
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-023
6
reference_url https://github.com/advisories/GHSA-g7hw-jh4p-75wr
reference_id GHSA-g7hw-jh4p-75wr
reference_type
scores
url https://github.com/advisories/GHSA-g7hw-jh4p-75wr
fixed_packages
0
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-bcbd-zzet-mff6
8
vulnerability VCID-e6zr-4bgg-kkh5
9
vulnerability VCID-ev4k-5k1d-2bhu
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-jp1p-rfxa-hyd9
12
vulnerability VCID-n1gz-y615-cbbk
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
1
url pkg:composer/typo3/cms@10.2.1
purl pkg:composer/typo3/cms@10.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-8w4e-d49b-nbg8
8
vulnerability VCID-bbh5-rss8-bfct
9
vulnerability VCID-bcbd-zzet-mff6
10
vulnerability VCID-c46m-ht19-ybc4
11
vulnerability VCID-e6zr-4bgg-kkh5
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fqkx-v8t5-q3h6
14
vulnerability VCID-jp1p-rfxa-hyd9
15
vulnerability VCID-n1gz-y615-cbbk
16
vulnerability VCID-r3az-g422-gqf9
17
vulnerability VCID-tgyt-axv1-c7ag
18
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.1
aliases GHSA-g7hw-jh4p-75wr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdxh-arxx-wbcr
59
url VCID-qv14-m93d-jyd9
vulnerability_id VCID-qv14-m93d-jyd9
summary 
Cross-site Scripting
TYPO3 allows XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-12748
reference_id
reference_type
scores
0
value 0.00301
scoring_system epss
scoring_elements 0.53716
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-12748
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-12748.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-12748.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-12748.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-12748.yaml
3
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
4
reference_url https://typo3.org/cms/release-news/typo3-8-release-notes
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/cms/release-news/typo3-8-release-notes
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-015
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-015
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-12748
reference_id CVE-2019-12748
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-12748
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases CVE-2019-12748, GHSA-r6fv-56gp-j3r4
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qv14-m93d-jyd9
60
url VCID-qxab-9uwr-yqhv
vulnerability_id VCID-qxab-9uwr-yqhv
summary 
Cross-site Scripting
CKEditor allows user-assisted XSS involving a source-mode paste.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17960
reference_id
reference_type
scores
0
value 0.02024
scoring_system epss
scoring_elements 0.84092
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17960
1
reference_url https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released
2
reference_url https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/
reference_id
reference_type
scores
url https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/
3
reference_url https://ckeditor.com/cke4/release/CKEditor-4.11.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://ckeditor.com/cke4/release/CKEditor-4.11.0
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-005
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-005
5
reference_url https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205
6
reference_url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id 1015217
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17960
reference_id CVE-2018-17960
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17960
9
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml
reference_id CVE-2018-17960.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml
10
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml
reference_id CVE-2018-17960.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml
11
reference_url https://github.com/advisories/GHSA-g68x-vvqq-pvw3
reference_id GHSA-g68x-vvqq-pvw3
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-g68x-vvqq-pvw3
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases CVE-2018-17960, GHSA-g68x-vvqq-pvw3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxab-9uwr-yqhv
61
url VCID-rqrw-t2kj-mud8
vulnerability_id VCID-rqrw-t2kj-mud8
summary 
SQL Injection
Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension `ext:lowlevel` installed, and a valid backend user who has administrator privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19850
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.52069
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19850
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security
3
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-025
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-025
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-025/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-025/
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19850
reference_id CVE-2019-19850
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19850
fixed_packages
0
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-bcbd-zzet-mff6
8
vulnerability VCID-e6zr-4bgg-kkh5
9
vulnerability VCID-ev4k-5k1d-2bhu
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-jp1p-rfxa-hyd9
12
vulnerability VCID-n1gz-y615-cbbk
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
1
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-8w4e-d49b-nbg8
8
vulnerability VCID-bbh5-rss8-bfct
9
vulnerability VCID-bcbd-zzet-mff6
10
vulnerability VCID-c46m-ht19-ybc4
11
vulnerability VCID-e6zr-4bgg-kkh5
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fqkx-v8t5-q3h6
14
vulnerability VCID-jp1p-rfxa-hyd9
15
vulnerability VCID-n1gz-y615-cbbk
16
vulnerability VCID-r3az-g422-gqf9
17
vulnerability VCID-tgyt-axv1-c7ag
18
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19850, GHSA-59pj-7mjh-4465
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rqrw-t2kj-mud8
62
url VCID-ru6w-m6q6-27gn
vulnerability_id VCID-ru6w-m6q6-27gn
summary 
Cross-site Scripting
Cross-Site Scripting in Fluid Engine.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-013/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-013/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases GMS-2019-180
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ru6w-m6q6-27gn
63
url VCID-sdjb-gp4t-vbgt
vulnerability_id VCID-sdjb-gp4t-vbgt
summary 
Cross-site Scripting
TYPO3 is an open source PHP based web content management system. have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 contain a patch for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32669
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59384
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32669
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32669.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32669.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32669.yaml
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32669.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-rgcg-28xm-8mmw
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-011
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-011
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32669
reference_id CVE-2021-32669
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32669
fixed_packages
0
url pkg:composer/typo3/cms@9.5.28
purl pkg:composer/typo3/cms@9.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-j8hk-bqnb-gycp
2
vulnerability VCID-sdjb-gp4t-vbgt
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.28
1
url pkg:composer/typo3/cms@10.4.18
purl pkg:composer/typo3/cms@10.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.18
2
url pkg:composer/typo3/cms@11.3.1
purl pkg:composer/typo3/cms@11.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.1
aliases CVE-2021-32669, GHSA-rgcg-28xm-8mmw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sdjb-gp4t-vbgt
64
url VCID-sdsa-mh76-kqch
vulnerability_id VCID-sdsa-mh76-kqch
summary Security Misconfiguration in User Session Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-011/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-011/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases GMS-2019-181
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sdsa-mh76-kqch
65
url VCID-teby-zvvw-zkhv
vulnerability_id VCID-teby-zvvw-zkhv
summary 
TYPO3 Cross-Site Scripting in Backend Modal Component
Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-2.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/02cd5c97228cba477d16c68e28309ce25c433ce9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/02cd5c97228cba477d16c68e28309ce25c433ce9
3
reference_url https://github.com/TYPO3/typo3/commit/89a38ad0ef9411745954f53f29bea5b8ce81cd32
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/89a38ad0ef9411745954f53f29bea5b8ce81cd32
4
reference_url https://github.com/TYPO3/typo3/commit/c35646c3f7795a4a7b0046a88f146b490fa4883c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c35646c3f7795a4a7b0046a88f146b490fa4883c
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-007
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-007
6
reference_url https://github.com/advisories/GHSA-7q33-hxwj-7p8v
reference_id GHSA-7q33-hxwj-7p8v
reference_type
scores
url https://github.com/advisories/GHSA-7q33-hxwj-7p8v
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-7q33-hxwj-7p8v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-teby-zvvw-zkhv
66
url VCID-tgyt-axv1-c7ag
vulnerability_id VCID-tgyt-axv1-c7ag
summary 
Cross-site Scripting
TYPO3 is an open source PHP based web content management system. In TYPO3 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 that fix the problem described.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26227
reference_id
reference_type
scores
0
value 0.00359
scoring_system epss
scoring_elements 0.5838
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26227
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-010
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-010
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26227
reference_id CVE-2020-26227
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26227
fixed_packages
0
url pkg:composer/typo3/cms@9.5.23
purl pkg:composer/typo3/cms@9.5.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-6mnf-2fcw-dqgp
2
vulnerability VCID-848u-w88s-5bbe
3
vulnerability VCID-ev4k-5k1d-2bhu
4
vulnerability VCID-fqkx-v8t5-q3h6
5
vulnerability VCID-jp1p-rfxa-hyd9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.23
1
url pkg:composer/typo3/cms@10.4.10
purl pkg:composer/typo3/cms@10.4.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-6mnf-2fcw-dqgp
2
vulnerability VCID-6urp-p9mn-cffv
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-c46m-ht19-ybc4
5
vulnerability VCID-ev4k-5k1d-2bhu
6
vulnerability VCID-fqkx-v8t5-q3h6
7
vulnerability VCID-jp1p-rfxa-hyd9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.10
aliases CVE-2020-26227, GHSA-vqqx-jw6p-q3rf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgyt-axv1-c7ag
67
url VCID-u259-2sxq-tbct
vulnerability_id VCID-u259-2sxq-tbct
summary 
Cross-site Scripting
Cross-Site Scripting in Fluid `ViewHelpers`.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-005/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-005/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-175
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u259-2sxq-tbct
68
url VCID-u6as-cwxc-pkhk
vulnerability_id VCID-u6as-cwxc-pkhk
summary 
TYPO3 Security Misconfiguration for Backend User Accounts
When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in order to reflect changed configuration possibilities. However, this leads to persisting the current state as well, which can result into some of the following:

- account contains empty login credentials (username and/or password)
- account is incomplete and contains weak credentials (username and/or password)

Albeit the functionality provided by the TYPO3 core cannot be used either with empty usernames or empty passwords, it still can be a severe vulnerability to custom authentication service implementations.

This weakness cannot be directly exploited and requires interaction on purpose by some backend user having according privileges.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-2.yaml
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/b3608d14e1915030cde272000a247cb6d5f982b8
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/b3608d14e1915030cde272000a247cb6d5f982b8
3
reference_url https://github.com/TYPO3/typo3/commit/e4d0cff40a4f8f597e52c20fff529e206bb62703
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/e4d0cff40a4f8f597e52c20fff529e206bb62703
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-002
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-002
5
reference_url https://github.com/advisories/GHSA-c5mj-39cf-3pp5
reference_id GHSA-c5mj-39cf-3pp5
reference_type
scores
url https://github.com/advisories/GHSA-c5mj-39cf-3pp5
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GHSA-c5mj-39cf-3pp5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u6as-cwxc-pkhk
69
url VCID-uq77-aax5-k7d8
vulnerability_id VCID-uq77-aax5-k7d8
summary 
Inclusion of Sensitive Information in Log Files
TYPO3 is an open source PHP based web content management system. User credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 contain a patch for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32767
reference_id
reference_type
scores
0
value 0.00327
scoring_system epss
scoring_elements 0.55909
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32767
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32767.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32767.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32767.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32767.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
5
reference_url https://github.com/TYPO3/typo3/commit/0b4950163b8919451964133febc65bcdfcec721c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/0b4950163b8919451964133febc65bcdfcec721c
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-34fr-fhqr-7235
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-34fr-fhqr-7235
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-012
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-012
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-013
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-013
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32767
reference_id CVE-2021-32767
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32767
fixed_packages
0
url pkg:composer/typo3/cms@9.5.28
purl pkg:composer/typo3/cms@9.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-j8hk-bqnb-gycp
2
vulnerability VCID-sdjb-gp4t-vbgt
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.28
1
url pkg:composer/typo3/cms@10.4.18
purl pkg:composer/typo3/cms@10.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.18
2
url pkg:composer/typo3/cms@11.3.1
purl pkg:composer/typo3/cms@11.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.1
aliases CVE-2021-32767, GHSA-34fr-fhqr-7235
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uq77-aax5-k7d8
70
url VCID-vq15-t92r-5bhx
vulnerability_id VCID-vq15-t92r-5bhx
summary 
Cross-site Scripting
The page module in TYPO3 is vulnerable to XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`, as demonstrated by an admin entering a crafted site name during the installation process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6905
reference_id
reference_type
scores
0
value 0.02274
scoring_system epss
scoring_elements 0.8496
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6905
1
reference_url https://forge.typo3.org/issues/84191
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forge.typo3.org/issues/84191
2
reference_url https://github.com/pradeepjairamani/TYPO3-XSS-POC
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pradeepjairamani/TYPO3-XSS-POC
3
reference_url https://github.com/TYPO3/typo3/commit/d2c0ea7db3b31a796a82f9d39f77f9983beb7c35
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d2c0ea7db3b31a796a82f9d39f77f9983beb7c35
4
reference_url http://www.securitytracker.com/id/1040755
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1040755
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6905
reference_id CVE-2018-6905
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6905
fixed_packages
0
url pkg:composer/typo3/cms@9.1.0
purl pkg:composer/typo3/cms@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ugj-6m1e-e3hr
3
vulnerability VCID-3ye6-vqje-abh4
4
vulnerability VCID-4an7-9ph4-mkd4
5
vulnerability VCID-4eym-e6vt-8fbs
6
vulnerability VCID-4jck-w9ct-budk
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-7xv1-78u7-xufp
11
vulnerability VCID-848u-w88s-5bbe
12
vulnerability VCID-8w4e-d49b-nbg8
13
vulnerability VCID-953t-q1cr-zyd6
14
vulnerability VCID-9adx-p876-kyb5
15
vulnerability VCID-abjx-8v46-d7d8
16
vulnerability VCID-am6s-67bm-77dr
17
vulnerability VCID-bbh5-rss8-bfct
18
vulnerability VCID-cvk2-93hm-gkhx
19
vulnerability VCID-dsqm-9q3e-dudw
20
vulnerability VCID-e6zr-4bgg-kkh5
21
vulnerability VCID-emqq-kwjg-3kfk
22
vulnerability VCID-ev4k-5k1d-2bhu
23
vulnerability VCID-fqkx-v8t5-q3h6
24
vulnerability VCID-fut7-bb1f-37g7
25
vulnerability VCID-hp99-ncuh-6ugv
26
vulnerability VCID-je4q-svfw-hqda
27
vulnerability VCID-jp1p-rfxa-hyd9
28
vulnerability VCID-jq5y-7h9g-mufa
29
vulnerability VCID-k5t3-28es-h3ez
30
vulnerability VCID-khpm-e1xb-hydb
31
vulnerability VCID-n1gz-y615-cbbk
32
vulnerability VCID-njsj-bwjq-fyap
33
vulnerability VCID-nney-azbc-pucg
34
vulnerability VCID-p7gd-anw2-1qbz
35
vulnerability VCID-pmvp-twk2-jqe4
36
vulnerability VCID-qv14-m93d-jyd9
37
vulnerability VCID-qxab-9uwr-yqhv
38
vulnerability VCID-rqrw-t2kj-mud8
39
vulnerability VCID-ru6w-m6q6-27gn
40
vulnerability VCID-sdsa-mh76-kqch
41
vulnerability VCID-tgyt-axv1-c7ag
42
vulnerability VCID-u259-2sxq-tbct
43
vulnerability VCID-vw2r-g8yy-eyf4
44
vulnerability VCID-w1wb-mq2y-dfca
45
vulnerability VCID-x5x1-w7yv-eye9
46
vulnerability VCID-xw1s-93bu-wuh9
47
vulnerability VCID-y7ds-p5r2-yuhq
48
vulnerability VCID-yz6t-ge1y-qfgr
49
vulnerability VCID-zeut-9wfp-q7et
50
vulnerability VCID-zkvq-bms4-gfcv
51
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.1.0
1
url pkg:composer/typo3/cms@9.2.0
purl pkg:composer/typo3/cms@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ugj-6m1e-e3hr
3
vulnerability VCID-3ye6-vqje-abh4
4
vulnerability VCID-4an7-9ph4-mkd4
5
vulnerability VCID-4eym-e6vt-8fbs
6
vulnerability VCID-4jck-w9ct-budk
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-7xv1-78u7-xufp
11
vulnerability VCID-848u-w88s-5bbe
12
vulnerability VCID-8w4e-d49b-nbg8
13
vulnerability VCID-953t-q1cr-zyd6
14
vulnerability VCID-9adx-p876-kyb5
15
vulnerability VCID-abjx-8v46-d7d8
16
vulnerability VCID-am6s-67bm-77dr
17
vulnerability VCID-bbh5-rss8-bfct
18
vulnerability VCID-cvk2-93hm-gkhx
19
vulnerability VCID-dsqm-9q3e-dudw
20
vulnerability VCID-e6zr-4bgg-kkh5
21
vulnerability VCID-emqq-kwjg-3kfk
22
vulnerability VCID-ev4k-5k1d-2bhu
23
vulnerability VCID-fqkx-v8t5-q3h6
24
vulnerability VCID-fut7-bb1f-37g7
25
vulnerability VCID-hp99-ncuh-6ugv
26
vulnerability VCID-je4q-svfw-hqda
27
vulnerability VCID-jp1p-rfxa-hyd9
28
vulnerability VCID-jq5y-7h9g-mufa
29
vulnerability VCID-k5t3-28es-h3ez
30
vulnerability VCID-khpm-e1xb-hydb
31
vulnerability VCID-n1gz-y615-cbbk
32
vulnerability VCID-njsj-bwjq-fyap
33
vulnerability VCID-nney-azbc-pucg
34
vulnerability VCID-p7gd-anw2-1qbz
35
vulnerability VCID-pmvp-twk2-jqe4
36
vulnerability VCID-qv14-m93d-jyd9
37
vulnerability VCID-qxab-9uwr-yqhv
38
vulnerability VCID-rqrw-t2kj-mud8
39
vulnerability VCID-ru6w-m6q6-27gn
40
vulnerability VCID-sdsa-mh76-kqch
41
vulnerability VCID-tgyt-axv1-c7ag
42
vulnerability VCID-u259-2sxq-tbct
43
vulnerability VCID-vw2r-g8yy-eyf4
44
vulnerability VCID-w1wb-mq2y-dfca
45
vulnerability VCID-x5x1-w7yv-eye9
46
vulnerability VCID-xw1s-93bu-wuh9
47
vulnerability VCID-y7ds-p5r2-yuhq
48
vulnerability VCID-yz6t-ge1y-qfgr
49
vulnerability VCID-zeut-9wfp-q7et
50
vulnerability VCID-zkvq-bms4-gfcv
51
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.2.0
aliases CVE-2018-6905, GHSA-3w22-wrwx-2r75
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq15-t92r-5bhx
71
url VCID-vw2r-g8yy-eyf4
vulnerability_id VCID-vw2r-g8yy-eyf4
summary 
Code Injection
Arbitrary Code Execution via File List Module.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-008/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-008/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-178
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vw2r-g8yy-eyf4
72
url VCID-w1wb-mq2y-dfca
vulnerability_id VCID-w1wb-mq2y-dfca
summary Privilege Escalation & SQL Injection in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-003/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-003/
fixed_packages
0
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ugj-6m1e-e3hr
3
vulnerability VCID-3ye6-vqje-abh4
4
vulnerability VCID-4an7-9ph4-mkd4
5
vulnerability VCID-4eym-e6vt-8fbs
6
vulnerability VCID-4jck-w9ct-budk
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-7ch1-q9f4-a7bt
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-7xv1-78u7-xufp
11
vulnerability VCID-848u-w88s-5bbe
12
vulnerability VCID-8w4e-d49b-nbg8
13
vulnerability VCID-953t-q1cr-zyd6
14
vulnerability VCID-9adx-p876-kyb5
15
vulnerability VCID-am6s-67bm-77dr
16
vulnerability VCID-bbh5-rss8-bfct
17
vulnerability VCID-cvk2-93hm-gkhx
18
vulnerability VCID-dsqm-9q3e-dudw
19
vulnerability VCID-e6zr-4bgg-kkh5
20
vulnerability VCID-emqq-kwjg-3kfk
21
vulnerability VCID-ev4k-5k1d-2bhu
22
vulnerability VCID-fqkx-v8t5-q3h6
23
vulnerability VCID-fut7-bb1f-37g7
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-jp1p-rfxa-hyd9
26
vulnerability VCID-jq5y-7h9g-mufa
27
vulnerability VCID-k5t3-28es-h3ez
28
vulnerability VCID-khpm-e1xb-hydb
29
vulnerability VCID-n1gz-y615-cbbk
30
vulnerability VCID-nney-azbc-pucg
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-pmvp-twk2-jqe4
33
vulnerability VCID-qv14-m93d-jyd9
34
vulnerability VCID-qxab-9uwr-yqhv
35
vulnerability VCID-rqrw-t2kj-mud8
36
vulnerability VCID-ru6w-m6q6-27gn
37
vulnerability VCID-sdsa-mh76-kqch
38
vulnerability VCID-tgyt-axv1-c7ag
39
vulnerability VCID-u259-2sxq-tbct
40
vulnerability VCID-vw2r-g8yy-eyf4
41
vulnerability VCID-x5x1-w7yv-eye9
42
vulnerability VCID-xw1s-93bu-wuh9
43
vulnerability VCID-y7ds-p5r2-yuhq
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zeut-9wfp-q7et
46
vulnerability VCID-zkvq-bms4-gfcv
47
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GMS-2018-95
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w1wb-mq2y-dfca
73
url VCID-w7z1-aw31-vugx
vulnerability_id VCID-w7z1-aw31-vugx
summary 
Typo3 Cross-Site Scripting in Language Pack Handling
Failing to properly encode information from external sources, language pack handling in the install tool is vulnerable to cross-site scripting.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-8.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-8.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-004
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-004
3
reference_url https://github.com/advisories/GHSA-259v-xm34-p7fr
reference_id GHSA-259v-xm34-p7fr
reference_type
scores
url https://github.com/advisories/GHSA-259v-xm34-p7fr
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GHSA-259v-xm34-p7fr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w7z1-aw31-vugx
74
url VCID-wat8-4m83-hken
vulnerability_id VCID-wat8-4m83-hken
summary 
TYPO3 Cross-Site Scripting in Link Handling
It has been discovered that `t3://` URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-2.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-12-17-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/25f796b94e23bac77e836bd38f53ce998c094901
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/25f796b94e23bac77e836bd38f53ce998c094901
3
reference_url https://github.com/TYPO3/typo3/commit/64db88b9b61bb67b3b44145dc8e0e1ef251da45e
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/64db88b9b61bb67b3b44145dc8e0e1ef251da45e
4
reference_url https://github.com/TYPO3/typo3/commit/a35c42e9bcb020e16016d1c146354513a9856bc0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a35c42e9bcb020e16016d1c146354513a9856bc0
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-022
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-022
6
reference_url https://github.com/advisories/GHSA-xgmx-j3hv-jh9x
reference_id GHSA-xgmx-j3hv-jh9x
reference_type
scores
url https://github.com/advisories/GHSA-xgmx-j3hv-jh9x
fixed_packages
0
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-bcbd-zzet-mff6
8
vulnerability VCID-e6zr-4bgg-kkh5
9
vulnerability VCID-ev4k-5k1d-2bhu
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-jp1p-rfxa-hyd9
12
vulnerability VCID-n1gz-y615-cbbk
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
1
url pkg:composer/typo3/cms@10.2.1
purl pkg:composer/typo3/cms@10.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-8w4e-d49b-nbg8
8
vulnerability VCID-bbh5-rss8-bfct
9
vulnerability VCID-bcbd-zzet-mff6
10
vulnerability VCID-c46m-ht19-ybc4
11
vulnerability VCID-e6zr-4bgg-kkh5
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fqkx-v8t5-q3h6
14
vulnerability VCID-jp1p-rfxa-hyd9
15
vulnerability VCID-n1gz-y615-cbbk
16
vulnerability VCID-r3az-g422-gqf9
17
vulnerability VCID-tgyt-axv1-c7ag
18
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.1
aliases GHSA-xgmx-j3hv-jh9x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wat8-4m83-hken
75
url VCID-x5x1-w7yv-eye9
vulnerability_id VCID-x5x1-w7yv-eye9
summary 
Code Injection
Possible Arbitrary Code Execution in Image Processing.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-012/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-012/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.6
purl pkg:composer/typo3/cms@9.5.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-4eym-e6vt-8fbs
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-7m6u-k5tp-gkhy
6
vulnerability VCID-7xv1-78u7-xufp
7
vulnerability VCID-848u-w88s-5bbe
8
vulnerability VCID-8w4e-d49b-nbg8
9
vulnerability VCID-bbh5-rss8-bfct
10
vulnerability VCID-cbmm-1b2k-8qaz
11
vulnerability VCID-cvk2-93hm-gkhx
12
vulnerability VCID-e6zr-4bgg-kkh5
13
vulnerability VCID-ev4k-5k1d-2bhu
14
vulnerability VCID-fqkx-v8t5-q3h6
15
vulnerability VCID-fut7-bb1f-37g7
16
vulnerability VCID-jp1p-rfxa-hyd9
17
vulnerability VCID-n1gz-y615-cbbk
18
vulnerability VCID-nney-azbc-pucg
19
vulnerability VCID-p7gd-anw2-1qbz
20
vulnerability VCID-qv14-m93d-jyd9
21
vulnerability VCID-rqrw-t2kj-mud8
22
vulnerability VCID-tgyt-axv1-c7ag
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zeut-9wfp-q7et
26
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6
aliases GMS-2019-182
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5x1-w7yv-eye9
76
url VCID-xvyu-2hb8-8ufh
vulnerability_id VCID-xvyu-2hb8-8ufh
summary 
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated users.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-5.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-5.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/232d0a64282382229c205904173a16a581555fe3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/232d0a64282382229c205904173a16a581555fe3
3
reference_url https://github.com/TYPO3/typo3/commit/b4dd20f31d483f6399e8bcbffcac3e16a2df0d92
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/b4dd20f31d483f6399e8bcbffcac3e16a2df0d92
4
reference_url https://github.com/TYPO3/typo3/commit/fab0cbc970b709ed65fc4622a2cbd52a197480c4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/fab0cbc970b709ed65fc4622a2cbd52a197480c4
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-010
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-010
6
reference_url https://github.com/advisories/GHSA-6487-3qvg-8px9
reference_id GHSA-6487-3qvg-8px9
reference_type
scores
url https://github.com/advisories/GHSA-6487-3qvg-8px9
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-6487-3qvg-8px9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvyu-2hb8-8ufh
77
url VCID-xw1s-93bu-wuh9
vulnerability_id VCID-xw1s-93bu-wuh9
summary 
Path Traversal
It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19848
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59393
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19848
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml
3
reference_url https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-024
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-024
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-024/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-024/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19848
reference_id CVE-2019-19848
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19848
fixed_packages
0
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-bcbd-zzet-mff6
8
vulnerability VCID-e6zr-4bgg-kkh5
9
vulnerability VCID-ev4k-5k1d-2bhu
10
vulnerability VCID-fqkx-v8t5-q3h6
11
vulnerability VCID-jp1p-rfxa-hyd9
12
vulnerability VCID-n1gz-y615-cbbk
13
vulnerability VCID-tgyt-axv1-c7ag
14
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
1
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-2tz2-8qdm-2kcv
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-6mnf-2fcw-dqgp
5
vulnerability VCID-6urp-p9mn-cffv
6
vulnerability VCID-848u-w88s-5bbe
7
vulnerability VCID-8w4e-d49b-nbg8
8
vulnerability VCID-bbh5-rss8-bfct
9
vulnerability VCID-bcbd-zzet-mff6
10
vulnerability VCID-c46m-ht19-ybc4
11
vulnerability VCID-e6zr-4bgg-kkh5
12
vulnerability VCID-ev4k-5k1d-2bhu
13
vulnerability VCID-fqkx-v8t5-q3h6
14
vulnerability VCID-jp1p-rfxa-hyd9
15
vulnerability VCID-n1gz-y615-cbbk
16
vulnerability VCID-r3az-g422-gqf9
17
vulnerability VCID-tgyt-axv1-c7ag
18
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19848, GHSA-77p4-wfr8-977w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw1s-93bu-wuh9
78
url VCID-y7ds-p5r2-yuhq
vulnerability_id VCID-y7ds-p5r2-yuhq
summary Security Misconfiguration in Frontend Session Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-018/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-018/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases GMS-2019-187
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y7ds-p5r2-yuhq
79
url VCID-yh6b-tc4u-v3bk
vulnerability_id VCID-yh6b-tc4u-v3bk
summary 
TYPO3 Arbitrary Code Execution via File List Module
Due to missing file extensions in $GLOBALS['TYPO3_CONF_VARS']['BE'][‘fileDenyPattern’], backend users are allowed to upload *.phar, *.shtml, *.pl or *.cgi files which can be executed in certain web server setups. A valid backend user account is needed in order to exploit this vulnerability.

Derivatives of Debian GNU Linux are handling *.phar files as PHP applications since PHP 7.1 (for unofficial packages) and PHP 7.2 (for official packages).

The file extension *.shtml is bound to server side includes which are not enabled per default in most common Linux based distributions. File extension *.pl and *.cgi require additional handlers to be configured which is also not the case in most common distributions (except for /cgi-bin/ location).
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-7.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-7.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/095ae4ab6869d0f7dc7befedb851cdd7ad0c7ebf
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/095ae4ab6869d0f7dc7befedb851cdd7ad0c7ebf
3
reference_url https://github.com/TYPO3/typo3/commit/9990278ce7cf8e4d6b8bf31edec6787722d38b0f
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/9990278ce7cf8e4d6b8bf31edec6787722d38b0f
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-008
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-008
5
reference_url https://github.com/advisories/GHSA-8h4m-r4wm-xj7r
reference_id GHSA-8h4m-r4wm-xj7r
reference_type
scores
url https://github.com/advisories/GHSA-8h4m-r4wm-xj7r
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GHSA-8h4m-r4wm-xj7r
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yh6b-tc4u-v3bk
80
url VCID-yz6t-ge1y-qfgr
vulnerability_id VCID-yz6t-ge1y-qfgr
summary Security Misconfiguration in Install Tool Cookie.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-4jck-w9ct-budk
6
vulnerability VCID-6mnf-2fcw-dqgp
7
vulnerability VCID-7m6u-k5tp-gkhy
8
vulnerability VCID-7xv1-78u7-xufp
9
vulnerability VCID-848u-w88s-5bbe
10
vulnerability VCID-8w4e-d49b-nbg8
11
vulnerability VCID-9adx-p876-kyb5
12
vulnerability VCID-am6s-67bm-77dr
13
vulnerability VCID-bbh5-rss8-bfct
14
vulnerability VCID-cvk2-93hm-gkhx
15
vulnerability VCID-e6zr-4bgg-kkh5
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-fut7-bb1f-37g7
19
vulnerability VCID-jp1p-rfxa-hyd9
20
vulnerability VCID-k5t3-28es-h3ez
21
vulnerability VCID-khpm-e1xb-hydb
22
vulnerability VCID-n1gz-y615-cbbk
23
vulnerability VCID-nney-azbc-pucg
24
vulnerability VCID-p7gd-anw2-1qbz
25
vulnerability VCID-pmvp-twk2-jqe4
26
vulnerability VCID-qv14-m93d-jyd9
27
vulnerability VCID-rqrw-t2kj-mud8
28
vulnerability VCID-ru6w-m6q6-27gn
29
vulnerability VCID-sdsa-mh76-kqch
30
vulnerability VCID-tgyt-axv1-c7ag
31
vulnerability VCID-u259-2sxq-tbct
32
vulnerability VCID-vw2r-g8yy-eyf4
33
vulnerability VCID-x5x1-w7yv-eye9
34
vulnerability VCID-xw1s-93bu-wuh9
35
vulnerability VCID-y7ds-p5r2-yuhq
36
vulnerability VCID-zeut-9wfp-q7et
37
vulnerability VCID-zkvq-bms4-gfcv
38
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-100
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yz6t-ge1y-qfgr
81
url VCID-zeut-9wfp-q7et
vulnerability_id VCID-zeut-9wfp-q7et
summary 
Deserialization of Untrusted Data
In Symfony it is possible to cache objects that may contain bad user input. On serialization or unserialization, this could result in the deletion of files that the current user has access to.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-10912
reference_id
reference_type
scores
0
value 0.01116
scoring_system epss
scoring_elements 0.78539
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-10912
1
reference_url https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/symfony/symfony/commit/4fb975281634b8d49ebf013af9e502e67c28816b
2
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
8
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
18
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD
19
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/42UEKSLKJB72P24JBWVN6AADHLMYSUQD/
20
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6QEAOZXVNDA63537A2OIH4QE77EKZR5O/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAC2TQVEEH5FDJSSWPM2BCRIPTCOEMMO/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BHHIG4GMSGEIDT3RITSW7GJ5NT6IBHXU/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD
27
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LFARAUAWZE4UDSKVDWRD35D75HI5UGSD/
28
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA
29
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MDSM576XIOVXVCMHNJHLBBZBTOD62LDA/
30
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL
31
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTJGZJLPG5FHKFH7KNAKNTWOGBB6LXAL/
32
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD
33
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLOZX5BZMQKWG7PJRQL6MB5CAMKBQAWD/
34
reference_url https://seclists.org/bugtraq/2019/May/21
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://seclists.org/bugtraq/2019/May/21
35
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-016
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-016
36
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-016/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-016/
37
reference_url https://www.debian.org/security/2019/dsa-4441
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2019/dsa-4441
38
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10912
reference_id CVE-2019-10912
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-10912
39
reference_url https://symfony.com/cve-2019-10912
reference_id CVE-2019-10912
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/cve-2019-10912
40
reference_url https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
reference_id CVE-2019-10912-PREVENT-DESTRUCTORS-WITH-SIDE-EFFECTS-FROM-BEING-UNSERIALIZED
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized
41
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/cache/CVE-2019-10912.yaml
42
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/phpunit-bridge/CVE-2019-10912.yaml
43
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2019-10912.yaml
44
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-10912.yaml
45
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml
reference_id CVE-2019-10912.YAML
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-10912.yaml
46
reference_url https://github.com/advisories/GHSA-w2fr-65vp-mxw3
reference_id GHSA-w2fr-65vp-mxw3
reference_type
scores
url https://github.com/advisories/GHSA-w2fr-65vp-mxw3
fixed_packages
0
url pkg:composer/typo3/cms@9.5.8
purl pkg:composer/typo3/cms@9.5.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-848u-w88s-5bbe
5
vulnerability VCID-8w4e-d49b-nbg8
6
vulnerability VCID-bbh5-rss8-bfct
7
vulnerability VCID-e6zr-4bgg-kkh5
8
vulnerability VCID-ev4k-5k1d-2bhu
9
vulnerability VCID-fqkx-v8t5-q3h6
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-n1gz-y615-cbbk
12
vulnerability VCID-p7gd-anw2-1qbz
13
vulnerability VCID-rqrw-t2kj-mud8
14
vulnerability VCID-tgyt-axv1-c7ag
15
vulnerability VCID-xw1s-93bu-wuh9
16
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8
aliases CVE-2019-10912, GHSA-w2fr-65vp-mxw3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zeut-9wfp-q7et
82
url VCID-zgfw-pk39-gyg8
vulnerability_id VCID-zgfw-pk39-gyg8
summary 
TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Failing to properly encode user input, templates using built-in Fluid ViewHelpers are vulnerable to cross-site scripting.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-4.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2019-01-22-4.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/732c4acfaeaa7fd193674cd4d1ca7e369e21b96f
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/732c4acfaeaa7fd193674cd4d1ca7e369e21b96f
3
reference_url https://github.com/TYPO3/typo3/commit/c94f566514eaff62dd836541c99b438ac55f6842
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c94f566514eaff62dd836541c99b438ac55f6842
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-005
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-005
5
reference_url https://github.com/advisories/GHSA-85ch-44w7-rf32
reference_id GHSA-85ch-44w7-rf32
reference_type
scores
url https://github.com/advisories/GHSA-85ch-44w7-rf32
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GHSA-85ch-44w7-rf32
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgfw-pk39-gyg8
83
url VCID-zkvq-bms4-gfcv
vulnerability_id VCID-zkvq-bms4-gfcv
summary 
Improper Input Validation
In TYPO3 CMS, in a case where an attacker manages to generate a valid cryptographic message authentication code (HMAC-SHA1), it is possible to retrieve arbitrary files of a TYPO3 installation. This includes the possibility to fetch `typo3conf/LocalConfiguration.php`, which again contains the `encryptionKey` as well as credentials of the database management system being used. In case a database server is directly accessible either via internet or in a shared hosting network, this allows the ability to completely retrieve, manipulate or delete database contents. This includes creating an administration user account which can be used to trigger remote code execution by injecting custom extensions.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-15099
reference_id
reference_type
scores
0
value 0.01187
scoring_system epss
scoring_elements 0.79142
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-15099
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-15099.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-15099.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-15099.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-15099.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2020-007
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2020-007
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-15099
reference_id CVE-2020-15099
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-15099
6
reference_url https://github.com/advisories/GHSA-3x94-fv5h-5q2c
reference_id GHSA-3x94-fv5h-5q2c
reference_type
scores
url https://github.com/advisories/GHSA-3x94-fv5h-5q2c
7
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c
reference_id GHSA-3x94-fv5h-5q2c
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3x94-fv5h-5q2c
fixed_packages
0
url pkg:composer/typo3/cms@9.5.20
purl pkg:composer/typo3/cms@9.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4an7-9ph4-mkd4
2
vulnerability VCID-6mnf-2fcw-dqgp
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-ev4k-5k1d-2bhu
5
vulnerability VCID-fqkx-v8t5-q3h6
6
vulnerability VCID-jp1p-rfxa-hyd9
7
vulnerability VCID-tgyt-axv1-c7ag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.20
1
url pkg:composer/typo3/cms@10.4.6
purl pkg:composer/typo3/cms@10.4.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-2tz2-8qdm-2kcv
2
vulnerability VCID-4an7-9ph4-mkd4
3
vulnerability VCID-6mnf-2fcw-dqgp
4
vulnerability VCID-6urp-p9mn-cffv
5
vulnerability VCID-848u-w88s-5bbe
6
vulnerability VCID-c46m-ht19-ybc4
7
vulnerability VCID-ev4k-5k1d-2bhu
8
vulnerability VCID-fqkx-v8t5-q3h6
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-tgyt-axv1-c7ag
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.6
aliases CVE-2020-15099, GHSA-3x94-fv5h-5q2c
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zkvq-bms4-gfcv
84
url VCID-zmwv-gwq3-fkej
vulnerability_id VCID-zmwv-gwq3-fkej
summary 
Cross-site Scripting
Cross-Site Scripting in Form Framework.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-007/
fixed_packages
0
url pkg:composer/typo3/cms@9.5.4
purl pkg:composer/typo3/cms@9.5.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-1sfk-z8py-ykb8
2
vulnerability VCID-3ye6-vqje-abh4
3
vulnerability VCID-4an7-9ph4-mkd4
4
vulnerability VCID-4eym-e6vt-8fbs
5
vulnerability VCID-6mnf-2fcw-dqgp
6
vulnerability VCID-7m6u-k5tp-gkhy
7
vulnerability VCID-7xv1-78u7-xufp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-9adx-p876-kyb5
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-cvk2-93hm-gkhx
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-fut7-bb1f-37g7
17
vulnerability VCID-jp1p-rfxa-hyd9
18
vulnerability VCID-k5t3-28es-h3ez
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-nney-azbc-pucg
21
vulnerability VCID-p7gd-anw2-1qbz
22
vulnerability VCID-qv14-m93d-jyd9
23
vulnerability VCID-rqrw-t2kj-mud8
24
vulnerability VCID-ru6w-m6q6-27gn
25
vulnerability VCID-sdsa-mh76-kqch
26
vulnerability VCID-tgyt-axv1-c7ag
27
vulnerability VCID-x5x1-w7yv-eye9
28
vulnerability VCID-xw1s-93bu-wuh9
29
vulnerability VCID-y7ds-p5r2-yuhq
30
vulnerability VCID-zeut-9wfp-q7et
31
vulnerability VCID-zkvq-bms4-gfcv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4
aliases GMS-2019-177
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zmwv-gwq3-fkej
Fixing_vulnerabilities
0
url VCID-bn3p-39sv-6fdg
vulnerability_id VCID-bn3p-39sv-6fdg
summary 
Improper Access Control
Broken Access Control in Localization Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-003/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-003/
fixed_packages
0
url pkg:composer/typo3/cms@8.7.23
purl pkg:composer/typo3/cms@8.7.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-ev4k-5k1d-2bhu
5
vulnerability VCID-fqkx-v8t5-q3h6
6
vulnerability VCID-fut7-bb1f-37g7
7
vulnerability VCID-jp1p-rfxa-hyd9
8
vulnerability VCID-k5t3-28es-h3ez
9
vulnerability VCID-nney-azbc-pucg
10
vulnerability VCID-p7gd-anw2-1qbz
11
vulnerability VCID-qv14-m93d-jyd9
12
vulnerability VCID-rqrw-t2kj-mud8
13
vulnerability VCID-ru6w-m6q6-27gn
14
vulnerability VCID-sdsa-mh76-kqch
15
vulnerability VCID-tgyt-axv1-c7ag
16
vulnerability VCID-x5x1-w7yv-eye9
17
vulnerability VCID-xw1s-93bu-wuh9
18
vulnerability VCID-y7ds-p5r2-yuhq
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23
1
url pkg:composer/typo3/cms@9.0.0
purl pkg:composer/typo3/cms@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11u3-8xzy-jfhh
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-1sfk-z8py-ykb8
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-3k2k-a3gb-n3ba
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-6mnf-2fcw-dqgp
14
vulnerability VCID-7ch1-q9f4-a7bt
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-953t-q1cr-zyd6
21
vulnerability VCID-9adx-p876-kyb5
22
vulnerability VCID-9yu1-z7c2-t3fj
23
vulnerability VCID-a1g9-pyz5-9fca
24
vulnerability VCID-abjx-8v46-d7d8
25
vulnerability VCID-am6s-67bm-77dr
26
vulnerability VCID-bbh5-rss8-bfct
27
vulnerability VCID-buj5-2t53-3kcr
28
vulnerability VCID-cvk2-93hm-gkhx
29
vulnerability VCID-dsqm-9q3e-dudw
30
vulnerability VCID-e6zr-4bgg-kkh5
31
vulnerability VCID-emqq-kwjg-3kfk
32
vulnerability VCID-ev4k-5k1d-2bhu
33
vulnerability VCID-f319-jpf5-hyex
34
vulnerability VCID-f4n7-q72x-3yea
35
vulnerability VCID-fpa2-ffg1-fyaa
36
vulnerability VCID-fqkc-utex-3kav
37
vulnerability VCID-fqkx-v8t5-q3h6
38
vulnerability VCID-fut7-bb1f-37g7
39
vulnerability VCID-gpv4-4tpd-tbaa
40
vulnerability VCID-hknp-f88a-kqec
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-j8hk-bqnb-gycp
43
vulnerability VCID-je4q-svfw-hqda
44
vulnerability VCID-jp1p-rfxa-hyd9
45
vulnerability VCID-jq5y-7h9g-mufa
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-n1gz-y615-cbbk
50
vulnerability VCID-njsj-bwjq-fyap
51
vulnerability VCID-nney-azbc-pucg
52
vulnerability VCID-p576-w7dd-p3h7
53
vulnerability VCID-p7gd-anw2-1qbz
54
vulnerability VCID-pmvp-twk2-jqe4
55
vulnerability VCID-q2t1-kx56-s3c3
56
vulnerability VCID-q7vt-19eb-sqeq
57
vulnerability VCID-qcnh-z4zh-myaw
58
vulnerability VCID-qdxh-arxx-wbcr
59
vulnerability VCID-qv14-m93d-jyd9
60
vulnerability VCID-qxab-9uwr-yqhv
61
vulnerability VCID-rqrw-t2kj-mud8
62
vulnerability VCID-ru6w-m6q6-27gn
63
vulnerability VCID-sdjb-gp4t-vbgt
64
vulnerability VCID-sdsa-mh76-kqch
65
vulnerability VCID-teby-zvvw-zkhv
66
vulnerability VCID-tgyt-axv1-c7ag
67
vulnerability VCID-u259-2sxq-tbct
68
vulnerability VCID-u6as-cwxc-pkhk
69
vulnerability VCID-uq77-aax5-k7d8
70
vulnerability VCID-vq15-t92r-5bhx
71
vulnerability VCID-vw2r-g8yy-eyf4
72
vulnerability VCID-w1wb-mq2y-dfca
73
vulnerability VCID-w7z1-aw31-vugx
74
vulnerability VCID-wat8-4m83-hken
75
vulnerability VCID-x5x1-w7yv-eye9
76
vulnerability VCID-xvyu-2hb8-8ufh
77
vulnerability VCID-xw1s-93bu-wuh9
78
vulnerability VCID-y7ds-p5r2-yuhq
79
vulnerability VCID-yh6b-tc4u-v3bk
80
vulnerability VCID-yz6t-ge1y-qfgr
81
vulnerability VCID-zeut-9wfp-q7et
82
vulnerability VCID-zgfw-pk39-gyg8
83
vulnerability VCID-zkvq-bms4-gfcv
84
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0
aliases GMS-2019-174
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bn3p-39sv-6fdg
1
url VCID-fdnw-2tz5-4fdr
vulnerability_id VCID-fdnw-2tz5-4fdr
summary 
Uncontrolled Resource Consumption
Denial of Service in Frontend Record Registration.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ev4k-5k1d-2bhu
1
vulnerability VCID-fqkx-v8t5-q3h6
2
vulnerability VCID-jp1p-rfxa-hyd9
3
vulnerability VCID-p7gd-anw2-1qbz
4
vulnerability VCID-tgyt-axv1-c7ag
5
vulnerability VCID-xw1s-93bu-wuh9
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ffs-9vj5-27hk
1
vulnerability VCID-4eym-e6vt-8fbs
2
vulnerability VCID-7m6u-k5tp-gkhy
3
vulnerability VCID-848u-w88s-5bbe
4
vulnerability VCID-am6s-67bm-77dr
5
vulnerability VCID-bn3p-39sv-6fdg
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-fut7-bb1f-37g7
9
vulnerability VCID-jp1p-rfxa-hyd9
10
vulnerability VCID-k5t3-28es-h3ez
11
vulnerability VCID-khpm-e1xb-hydb
12
vulnerability VCID-nney-azbc-pucg
13
vulnerability VCID-p7gd-anw2-1qbz
14
vulnerability VCID-pmvp-twk2-jqe4
15
vulnerability VCID-qv14-m93d-jyd9
16
vulnerability VCID-rqrw-t2kj-mud8
17
vulnerability VCID-ru6w-m6q6-27gn
18
vulnerability VCID-sdsa-mh76-kqch
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-u259-2sxq-tbct
21
vulnerability VCID-vw2r-g8yy-eyf4
22
vulnerability VCID-x5x1-w7yv-eye9
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-y7ds-p5r2-yuhq
25
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.0.0
purl pkg:composer/typo3/cms@9.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11u3-8xzy-jfhh
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-1sfk-z8py-ykb8
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-3k2k-a3gb-n3ba
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-6mnf-2fcw-dqgp
14
vulnerability VCID-7ch1-q9f4-a7bt
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-953t-q1cr-zyd6
21
vulnerability VCID-9adx-p876-kyb5
22
vulnerability VCID-9yu1-z7c2-t3fj
23
vulnerability VCID-a1g9-pyz5-9fca
24
vulnerability VCID-abjx-8v46-d7d8
25
vulnerability VCID-am6s-67bm-77dr
26
vulnerability VCID-bbh5-rss8-bfct
27
vulnerability VCID-buj5-2t53-3kcr
28
vulnerability VCID-cvk2-93hm-gkhx
29
vulnerability VCID-dsqm-9q3e-dudw
30
vulnerability VCID-e6zr-4bgg-kkh5
31
vulnerability VCID-emqq-kwjg-3kfk
32
vulnerability VCID-ev4k-5k1d-2bhu
33
vulnerability VCID-f319-jpf5-hyex
34
vulnerability VCID-f4n7-q72x-3yea
35
vulnerability VCID-fpa2-ffg1-fyaa
36
vulnerability VCID-fqkc-utex-3kav
37
vulnerability VCID-fqkx-v8t5-q3h6
38
vulnerability VCID-fut7-bb1f-37g7
39
vulnerability VCID-gpv4-4tpd-tbaa
40
vulnerability VCID-hknp-f88a-kqec
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-j8hk-bqnb-gycp
43
vulnerability VCID-je4q-svfw-hqda
44
vulnerability VCID-jp1p-rfxa-hyd9
45
vulnerability VCID-jq5y-7h9g-mufa
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-n1gz-y615-cbbk
50
vulnerability VCID-njsj-bwjq-fyap
51
vulnerability VCID-nney-azbc-pucg
52
vulnerability VCID-p576-w7dd-p3h7
53
vulnerability VCID-p7gd-anw2-1qbz
54
vulnerability VCID-pmvp-twk2-jqe4
55
vulnerability VCID-q2t1-kx56-s3c3
56
vulnerability VCID-q7vt-19eb-sqeq
57
vulnerability VCID-qcnh-z4zh-myaw
58
vulnerability VCID-qdxh-arxx-wbcr
59
vulnerability VCID-qv14-m93d-jyd9
60
vulnerability VCID-qxab-9uwr-yqhv
61
vulnerability VCID-rqrw-t2kj-mud8
62
vulnerability VCID-ru6w-m6q6-27gn
63
vulnerability VCID-sdjb-gp4t-vbgt
64
vulnerability VCID-sdsa-mh76-kqch
65
vulnerability VCID-teby-zvvw-zkhv
66
vulnerability VCID-tgyt-axv1-c7ag
67
vulnerability VCID-u259-2sxq-tbct
68
vulnerability VCID-u6as-cwxc-pkhk
69
vulnerability VCID-uq77-aax5-k7d8
70
vulnerability VCID-vq15-t92r-5bhx
71
vulnerability VCID-vw2r-g8yy-eyf4
72
vulnerability VCID-w1wb-mq2y-dfca
73
vulnerability VCID-w7z1-aw31-vugx
74
vulnerability VCID-wat8-4m83-hken
75
vulnerability VCID-x5x1-w7yv-eye9
76
vulnerability VCID-xvyu-2hb8-8ufh
77
vulnerability VCID-xw1s-93bu-wuh9
78
vulnerability VCID-y7ds-p5r2-yuhq
79
vulnerability VCID-yh6b-tc4u-v3bk
80
vulnerability VCID-yz6t-ge1y-qfgr
81
vulnerability VCID-zeut-9wfp-q7et
82
vulnerability VCID-zgfw-pk39-gyg8
83
vulnerability VCID-zkvq-bms4-gfcv
84
vulnerability VCID-zmwv-gwq3-fkej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0
aliases GMS-2018-103
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fdnw-2tz5-4fdr
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0