Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/57629?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/57629?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.19", "type": "composer", "namespace": "typo3", "name": "cms-core", "version": "10.4.19", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "11.5.33", "latest_non_vulnerable_version": "14.0.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16817?format=api", "vulnerability_id": "VCID-293q-d5mc-g7a5", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nTYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) is vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php is vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24814", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00867", "scoring_system": "epss", "scoring_elements": "0.75475", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-24814" }, { "reference_url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/" } ], "url": "https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/" } ], "url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484" }, { "reference_url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/" } ], "url": "https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/" } ], "url": "https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2023-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-001" }, { "reference_url": "https://typo3.org/security/advisory/typo3-psa-2023-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/" } ], "url": "https://typo3.org/security/advisory/typo3-psa-2023-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24814", "reference_id": "CVE-2023-24814", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-24814" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2023-24814.yaml", "reference_id": "CVE-2023-24814.YAML", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2023-24814.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-r4f8-f93x-5qh3", "reference_id": "GHSA-r4f8-f93x-5qh3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r4f8-f93x-5qh3" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3", "reference_id": "GHSA-r4f8-f93x-5qh3", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62683?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.36", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.36" }, { "url": "http://public2.vulnerablecode.io/api/packages/62684?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.23", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.23" }, { "url": "http://public2.vulnerablecode.io/api/packages/62685?format=api", "purl": "pkg:composer/typo3/cms-core@12.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.2.0" } ], "aliases": [ "CVE-2023-24814", "GHSA-r4f8-f93x-5qh3" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-293q-d5mc-g7a5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/192057?format=api", "vulnerability_id": "VCID-2xhn-vx99-xufa", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23504", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60025", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-23504" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T19:21:01Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23504", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23504" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2022-016", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-016" }, { "reference_url": "https://github.com/advisories/GHSA-8w3p-qh3x-6gjr", "reference_id": "GHSA-8w3p-qh3x-6gjr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8w3p-qh3x-6gjr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/213101?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.33", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/213102?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/213103?format=api", "purl": "pkg:composer/typo3/cms-core@12.1.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.1.1" } ], "aliases": [ "CVE-2022-23504", "GHSA-8w3p-qh3x-6gjr" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2xhn-vx99-xufa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201121?format=api", "vulnerability_id": "VCID-756q-b4wh-tydg", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36108", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.72061", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36108" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/c62e16fac031c270d9759c7261e504c7e25405df", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/c62e16fac031c270d9759c7261e504c7e25405df" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2022-010", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-010" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36108", "reference_id": "CVE-2022-36108", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36108" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36108.yaml", "reference_id": "CVE-2022-36108.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36108.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36108.yaml", "reference_id": "CVE-2022-36108.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36108.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-fv2m-9249-qx85", "reference_id": "GHSA-fv2m-9249-qx85", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fv2m-9249-qx85" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85", "reference_id": "GHSA-fv2m-9249-qx85", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79096?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/79098?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16" } ], "aliases": [ "CVE-2022-36108", "GHSA-fv2m-9249-qx85" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-756q-b4wh-tydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201120?format=api", "vulnerability_id": "VCID-bbx5-ycbt-xbea", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00687", "scoring_system": "epss", "scoring_elements": "0.72061", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36107" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2022-009", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-009" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36107", "reference_id": "CVE-2022-36107", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36107" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml", "reference_id": "CVE-2022-36107.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml", "reference_id": "CVE-2022-36107.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-9c6w-55cp-5w25", "reference_id": "GHSA-9c6w-55cp-5w25", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9c6w-55cp-5w25" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25", "reference_id": "GHSA-9c6w-55cp-5w25", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79096?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/79098?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16" } ], "aliases": [ "CVE-2022-36107", "GHSA-9c6w-55cp-5w25" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bbx5-ycbt-xbea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197804?format=api", "vulnerability_id": "VCID-dfqh-9bpy-pyej", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31049", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70631", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31049" }, { "reference_url": "https://github.com/TYPO3-CMS/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3-CMS/core" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:18Z/" } ], "url": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2022-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:18Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-004" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31049", "reference_id": "CVE-2022-31049", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31049" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31049.yaml", "reference_id": "CVE-2022-31049.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31049.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31049.yaml", "reference_id": "CVE-2022-31049.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31049.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-h4mx-xv96-2jgm", "reference_id": "GHSA-h4mx-xv96-2jgm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h4mx-xv96-2jgm" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm", "reference_id": "GHSA-h4mx-xv96-2jgm", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:18Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78289?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/78292?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-m6v1-7x64-fkdt" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11" } ], "aliases": [ "CVE-2022-31049", "GHSA-h4mx-xv96-2jgm" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfqh-9bpy-pyej" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201118?format=api", "vulnerability_id": "VCID-f8x4-nz64-3ya8", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00283", "scoring_system": "epss", "scoring_elements": "0.51909", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36105" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/" } ], "url": "https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36105", "reference_id": "CVE-2022-36105", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36105" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml", "reference_id": "CVE-2022-36105.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml", "reference_id": "CVE-2022-36105.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-m392-235j-9r7r", "reference_id": "GHSA-m392-235j-9r7r", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m392-235j-9r7r" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r", "reference_id": "GHSA-m392-235j-9r7r", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79096?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/79098?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16" } ], "aliases": [ "CVE-2022-36105", "GHSA-m392-235j-9r7r" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8x4-nz64-3ya8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18807?format=api", "vulnerability_id": "VCID-uja7-atac-9kgx", "summary": "TYPO3 vulnerable to Weak Authentication in Session Handling\nTYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47127", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39585", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-47127" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2023-47127.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2023-47127.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:41:35Z/" } ], "url": "https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2023-006", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:41:35Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-006" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47127", "reference_id": "CVE-2023-47127", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-47127" }, { "reference_url": "https://github.com/advisories/GHSA-3vmm-7h4j-69rm", "reference_id": "GHSA-3vmm-7h4j-69rm", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3vmm-7h4j-69rm" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm", "reference_id": "GHSA-3vmm-7h4j-69rm", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:41:35Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/66540?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.41", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.41" }, { "url": "http://public2.vulnerablecode.io/api/packages/66541?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.33", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.33" }, { "url": "http://public2.vulnerablecode.io/api/packages/66542?format=api", "purl": "pkg:composer/typo3/cms-core@12.4.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.8" } ], "aliases": [ "CVE-2023-47127", "GHSA-3vmm-7h4j-69rm" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uja7-atac-9kgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197802?format=api", "vulnerability_id": "VCID-w8jm-kzbx-dqdk", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31047", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60427", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31047" }, { "reference_url": "https://github.com/TYPO3-CMS/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3-CMS/core" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/" } ], "url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31047", "reference_id": "CVE-2022-31047", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31047" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml", "reference_id": "CVE-2022-31047.YAML", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-fh99-4pgr-8j99", "reference_id": "GHSA-fh99-4pgr-8j99", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh99-4pgr-8j99" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99", "reference_id": "GHSA-fh99-4pgr-8j99", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78289?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/78292?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-m6v1-7x64-fkdt" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11" } ], "aliases": [ "CVE-2022-31047", "GHSA-fh99-4pgr-8j99" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8jm-kzbx-dqdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201119?format=api", "vulnerability_id": "VCID-wgn5-c432-zfb6", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36106", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00198", "scoring_system": "epss", "scoring_elements": "0.41725", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36106" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/00b52a443b21baaaab35f8606dbb0ce427261bb5", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/00b52a443b21baaaab35f8606dbb0ce427261bb5" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:44Z/" } ], "url": "https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2022-008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:44Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-008" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36106", "reference_id": "CVE-2022-36106", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36106" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36106.yaml", "reference_id": "CVE-2022-36106.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36106.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36106.yaml", "reference_id": "CVE-2022-36106.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36106.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-5959-4x58-r8c2", "reference_id": "GHSA-5959-4x58-r8c2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5959-4x58-r8c2" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2", "reference_id": "GHSA-5959-4x58-r8c2", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:44Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79096?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/79098?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16" } ], "aliases": [ "CVE-2022-36106", "GHSA-5959-4x58-r8c2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgn5-c432-zfb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197801?format=api", "vulnerability_id": "VCID-x9vd-xgts-7qfr", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31046", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00148", "scoring_system": "epss", "scoring_elements": "0.35092", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31046" }, { "reference_url": "https://github.com/TYPO3-CMS/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3-CMS/core" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/" } ], "url": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2022-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-001" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31046", "reference_id": "CVE-2022-31046", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31046" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31046.yaml", "reference_id": "CVE-2022-31046.YAML", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31046.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31046.yaml", "reference_id": "CVE-2022-31046.YAML", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31046.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-8gmv-9hwg-w89g", "reference_id": "GHSA-8gmv-9hwg-w89g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8gmv-9hwg-w89g" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g", "reference_id": "GHSA-8gmv-9hwg-w89g", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78289?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/78292?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-m6v1-7x64-fkdt" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11" } ], "aliases": [ "CVE-2022-31046", "GHSA-8gmv-9hwg-w89g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9vd-xgts-7qfr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18143?format=api", "vulnerability_id": "VCID-x9yn-3y42-d3e6", "summary": "Improper Access Control\nTYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02247", "scoring_system": "epss", "scoring_elements": "0.84852", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38499" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:16:37Z/" } ], "url": "https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:16:37Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2023-003" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38499", "reference_id": "CVE-2023-38499", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38499" }, { "reference_url": "https://github.com/advisories/GHSA-jq6g-4v5m-wm9r", "reference_id": "GHSA-jq6g-4v5m-wm9r", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jq6g-4v5m-wm9r" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r", "reference_id": "GHSA-jq6g-4v5m-wm9r", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:16:37Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/200451?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.39", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/65097?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.30", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uja7-atac-9kgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.30" }, { "url": "http://public2.vulnerablecode.io/api/packages/65098?format=api", "purl": "pkg:composer/typo3/cms-core@12.4.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-uja7-atac-9kgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.4" } ], "aliases": [ "CVE-2023-38499", "GHSA-jq6g-4v5m-wm9r" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x9yn-3y42-d3e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197805?format=api", "vulnerability_id": "VCID-xymz-jy8w-zbdu", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31050", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63439", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31050" }, { "reference_url": "https://github.com/TYPO3-CMS/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3-CMS/core" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:13Z/" } ], "url": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2022-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:13Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31050", "reference_id": "CVE-2022-31050", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31050" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31050.yaml", "reference_id": "CVE-2022-31050.YAML", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31050.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-wwjw-r3gj-39fq", "reference_id": "GHSA-wwjw-r3gj-39fq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wwjw-r3gj-39fq" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq", "reference_id": "GHSA-wwjw-r3gj-39fq", "reference_type": "", "scores": [ { "value": "6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L" }, { "value": "6.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:13Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78289?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/78292?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-m6v1-7x64-fkdt" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11" } ], "aliases": [ "CVE-2022-31050", "GHSA-wwjw-r3gj-39fq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xymz-jy8w-zbdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/201042?format=api", "vulnerability_id": "VCID-ye5a-kty9-ukaz", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00318", "scoring_system": "epss", "scoring_elements": "0.55114", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36020" }, { "reference_url": "https://github.com/TYPO3/html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/html-sanitizer" }, { "reference_url": "https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/" } ], "url": "https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493" }, { "reference_url": "https://packagist.org/packages/masterminds/html5", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/" } ], "url": "https://packagist.org/packages/masterminds/html5" }, { "reference_url": "https://packagist.org/packages/typo3/html-sanitizer", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/" } ], "url": "https://packagist.org/packages/typo3/html-sanitizer" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2022-011", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-011" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36020", "reference_id": "CVE-2022-36020", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36020" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36020.yaml", "reference_id": "CVE-2022-36020.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36020.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36020.yaml", "reference_id": "CVE-2022-36020.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36020.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/html-sanitizer/CVE-2022-36020.yaml", "reference_id": "CVE-2022-36020.YAML", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/html-sanitizer/CVE-2022-36020.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-47m6-46mj-p235", "reference_id": "GHSA-47m6-46mj-p235", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47m6-46mj-p235" }, { "reference_url": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235", "reference_id": "GHSA-47m6-46mj-p235", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/" } ], "url": "https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/79096?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.32", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/79098?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.16", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16" } ], "aliases": [ "CVE-2022-36020", "GHSA-47m6-46mj-p235" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ye5a-kty9-ukaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/197803?format=api", "vulnerability_id": "VCID-yuhw-xqmw-g7gy", "summary": "", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31048", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0063", "scoring_system": "epss", "scoring_elements": "0.70631", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31048" }, { "reference_url": "https://github.com/TYPO3-CMS/core", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3-CMS/core" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:16Z/" } ], "url": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2022-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:16Z/" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2022-003" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31048", "reference_id": "CVE-2022-31048", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31048" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31048.yaml", "reference_id": "CVE-2022-31048.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31048.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31048.yaml", "reference_id": "CVE-2022-31048.YAML", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31048.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-3r95-23jp-mhvg", "reference_id": "GHSA-3r95-23jp-mhvg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3r95-23jp-mhvg" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg", "reference_id": "GHSA-3r95-23jp-mhvg", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:16Z/" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/78289?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/78292?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-m6v1-7x64-fkdt" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11" } ], "aliases": [ "CVE-2022-31048", "GHSA-3r95-23jp-mhvg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yuhw-xqmw-g7gy" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13907?format=api", "vulnerability_id": "VCID-88qn-j3zx-u3gm", "summary": "Cross-site Scripting\nTYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00284", "scoring_system": "epss", "scoring_elements": "0.52027", "published_at": "2026-05-30T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-32768" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-013", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-013" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32768", "reference_id": "CVE-2021-32768", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32768" }, { "reference_url": "https://github.com/advisories/GHSA-c5c9-8c6m-727v", "reference_id": "GHSA-c5c9-8c6m-727v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c5c9-8c6m-727v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/206912?format=api", "purl": "pkg:composer/typo3/cms-core@7.6.53", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.53" }, { "url": "http://public2.vulnerablecode.io/api/packages/206913?format=api", "purl": "pkg:composer/typo3/cms-core@8.7.42", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.42" }, { "url": "http://public2.vulnerablecode.io/api/packages/57628?format=api", "purl": "pkg:composer/typo3/cms-core@9.5.29", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-dfqh-9bpy-pyej" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-w8jm-kzbx-dqdk" }, { "vulnerability": "VCID-x9vd-xgts-7qfr" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-xymz-jy8w-zbdu" }, { "vulnerability": "VCID-yuhw-xqmw-g7gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.29" }, { "url": "http://public2.vulnerablecode.io/api/packages/57629?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.19", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-dfqh-9bpy-pyej" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-w8jm-kzbx-dqdk" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9vd-xgts-7qfr" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-xymz-jy8w-zbdu" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" }, { "vulnerability": "VCID-yuhw-xqmw-g7gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/57630?format=api", "purl": "pkg:composer/typo3/cms-core@11.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-293q-d5mc-g7a5" }, { "vulnerability": "VCID-2xhn-vx99-xufa" }, { "vulnerability": "VCID-4g3j-h5uj-2yfp" }, { "vulnerability": "VCID-756q-b4wh-tydg" }, { "vulnerability": "VCID-bbx5-ycbt-xbea" }, { "vulnerability": "VCID-dfqh-9bpy-pyej" }, { "vulnerability": "VCID-f8x4-nz64-3ya8" }, { "vulnerability": "VCID-uja7-atac-9kgx" }, { "vulnerability": "VCID-w8jm-kzbx-dqdk" }, { "vulnerability": "VCID-wgn5-c432-zfb6" }, { "vulnerability": "VCID-x9vd-xgts-7qfr" }, { "vulnerability": "VCID-x9yn-3y42-d3e6" }, { "vulnerability": "VCID-xymz-jy8w-zbdu" }, { "vulnerability": "VCID-ydx2-yevp-bubw" }, { "vulnerability": "VCID-ye5a-kty9-ukaz" }, { "vulnerability": "VCID-yuhw-xqmw-g7gy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.2" } ], "aliases": [ "CVE-2021-32768", "GHSA-c5c9-8c6m-727v" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88qn-j3zx-u3gm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.19" }