Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/61473?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/61473?format=api", "purl": "pkg:composer/typo3/cms@4.5.0", "type": "composer", "namespace": "typo3", "name": "cms", "version": "4.5.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.4.35", "latest_non_vulnerable_version": "12.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111084?format=api", "vulnerability_id": "VCID-1ef6-uy9t-mqcu", "summary": "Typo3 Open Redirect In Frontend Rendering\nThe frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, allows remote attackers to change URLs to arbitrary domains.\n\nAn attacker could forge a request which modifies anchor only links on the homepage of a TYPO3 installation such that they point to arbitrary domains, if the configuration option `config.prefixLocalAnchors` is used with any possible value. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page. As an additional pre-condition, URL rewriting must be enabled in the web server (which it typically is) when using extensions like realurl or cooluri.\n\nInstallations where `config.absRefPrefix` is additionally set to any value are not affected by this vulnerability.\n\nExample of affected configuration:\n\n```php\nconfig.absRefPrefix =\nconfig.prefixLocalAnchors = all \npage = PAGE \npage.10 = TEXT \npage.10.value = <a href=\"#skiplinks\">Skiplinks</a> \n.htaccess:\n\nRewriteCond %{REQUEST_FILENAME} !-f \nRewriteCond %{REQUEST_FILENAME} !-d \nRewriteCond %{REQUEST_FILENAME} !-l \nRewriteRule .* index.php [L] \n```", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52621", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52599", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52658", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52666", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52647", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9508" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-9508.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-9508.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9508", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9508" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2014-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2014-003" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/" }, { "reference_url": "https://github.com/advisories/GHSA-v6xv-rmqc-wcc8", "reference_id": "GHSA-v6xv-rmqc-wcc8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v6xv-rmqc-wcc8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151106?format=api", "purl": "pkg:composer/typo3/cms@4.5.39", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/52098?format=api", "purl": "pkg:composer/typo3/cms@6.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52099?format=api", "purl": "pkg:composer/typo3/cms@7.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-28fn-ncj5-2ufk" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-2rmv-a83x-9ka8" }, { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-66kh-c1dm-8fbf" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fdnw-2tz5-4fdr" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-gpv4-4tpd-tbaa" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-hsw8-nbs6-auaa" }, { "vulnerability": "VCID-hyx9-8ae6-sba8" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-jwb1-3sbg-kfa5" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-p576-w7dd-p3h7" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qcnh-z4zh-myaw" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-teby-zvvw-zkhv" }, { "vulnerability": "VCID-tzpj-j3x1-ekgk" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-xvyu-2hb8-8ufh" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.2" } ], "aliases": [ "CVE-2014-9508", "GHSA-v6xv-rmqc-wcc8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1ef6-uy9t-mqcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111340?format=api", "vulnerability_id": "VCID-1m3k-7uhk-7kbr", "summary": "Typo3 Backend Configuration XSS Vulnerability\nThe configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59421", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59395", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59446", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59449", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.5944", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3529" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3529", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3529" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2537", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2537" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8" }, { "reference_url": "https://github.com/advisories/GHSA-7gg8-3r6j-5g55", "reference_id": "GHSA-7gg8-3r6j-5g55", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7gg8-3r6j-5g55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63428?format=api", "purl": "pkg:composer/typo3/cms@4.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/63429?format=api", "purl": "pkg:composer/typo3/cms@4.6.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63430?format=api", "purl": "pkg:composer/typo3/cms@4.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4" } ], "aliases": [ "CVE-2012-3529", "GHSA-7gg8-3r6j-5g55" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1m3k-7uhk-7kbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42969?format=api", "vulnerability_id": "VCID-1txa-3guj-4fe2", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nTYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4901", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46775", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46794", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46791", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46746", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46724", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4901" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4901", "reference_id": "CVE-2011-4901", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4901" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-4901", "reference_id": "CVE-2011-4901", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4901" }, { "reference_url": "https://github.com/advisories/GHSA-8grp-3j5v-543g", "reference_id": "GHSA-8grp-3j5v-543g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8grp-3j5v-543g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61475?format=api", "purl": "pkg:composer/typo3/cms@4.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.4" } ], "aliases": [ "CVE-2011-4901", "GHSA-8grp-3j5v-543g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1txa-3guj-4fe2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111441?format=api", "vulnerability_id": "VCID-2f2m-tcjn-fyby", "summary": "Typo3 Vulnerable to Cache Poisoning\n**Problem Description:** A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option `config.prefixLocalAnchors` is used with the values \"all\" or \"cached\". The impact of this vulnerability is that unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the browser when section links are followed by web page visitors, instead of just directly jumping to the requested section of the page. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page.\n\n**Solution:** Removing the configuration options `config.prefixLocalAnchors` (and optionally also config.baseUrl) in favor of `config.absRefPrefix`\n\n**Credits:** Thanks to Gernot Leitgab who discovered and reported the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70774", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70797", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70804", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70787", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70755", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9509" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9509", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9509" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/" }, { "reference_url": "https://github.com/advisories/GHSA-5479-gqqr-f9gj", "reference_id": "GHSA-5479-gqqr-f9gj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5479-gqqr-f9gj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/151106?format=api", "purl": "pkg:composer/typo3/cms@4.5.39", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.39" }, { "url": "http://public2.vulnerablecode.io/api/packages/152636?format=api", "purl": "pkg:composer/typo3/cms@4.6.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/152637?format=api", "purl": "pkg:composer/typo3/cms@4.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/152638?format=api", "purl": "pkg:composer/typo3/cms@6.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/152640?format=api", "purl": "pkg:composer/typo3/cms@6.1.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52098?format=api", "purl": "pkg:composer/typo3/cms@6.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52099?format=api", "purl": "pkg:composer/typo3/cms@7.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-28fn-ncj5-2ufk" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-2rmv-a83x-9ka8" }, { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-66kh-c1dm-8fbf" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fdnw-2tz5-4fdr" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-gpv4-4tpd-tbaa" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-hsw8-nbs6-auaa" }, { "vulnerability": "VCID-hyx9-8ae6-sba8" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-jwb1-3sbg-kfa5" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-p576-w7dd-p3h7" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qcnh-z4zh-myaw" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-teby-zvvw-zkhv" }, { "vulnerability": "VCID-tzpj-j3x1-ekgk" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-xvyu-2hb8-8ufh" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.2" } ], "aliases": [ "CVE-2014-9509", "GHSA-5479-gqqr-f9gj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2f2m-tcjn-fyby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44118?format=api", "vulnerability_id": "VCID-2rb1-4nfa-sba1", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1606", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52395", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52374", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52435", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52443", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00287", "scoring_system": "epss", "scoring_elements": "0.52423", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1606" }, { "reference_url": "https://web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2445", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2445" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/30/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1606", "reference_id": "CVE-2012-1606", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1606" }, { "reference_url": "https://github.com/advisories/GHSA-7wwr-p84q-qr3q", "reference_id": "GHSA-7wwr-p84q-qr3q", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7wwr-p84q-qr3q" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63441?format=api", "purl": "pkg:composer/typo3/cms@4.5.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/63442?format=api", "purl": "pkg:composer/typo3/cms@4.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.7" } ], "aliases": [ "CVE-2012-1606", "GHSA-7wwr-p84q-qr3q" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2rb1-4nfa-sba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112412?format=api", "vulnerability_id": "VCID-3c8n-x9h6-5ybw", "summary": "Typo3 Install Tool XSS Vulnerability\nCross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48269", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48249", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48313", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48316", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48298", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3531" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78888" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3531", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3531" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2537", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2537" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8" }, { "reference_url": "https://github.com/advisories/GHSA-p9wg-jvj4-cx26", "reference_id": "GHSA-p9wg-jvj4-cx26", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p9wg-jvj4-cx26" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63428?format=api", "purl": "pkg:composer/typo3/cms@4.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/63429?format=api", "purl": "pkg:composer/typo3/cms@4.6.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63430?format=api", "purl": "pkg:composer/typo3/cms@4.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4" } ], "aliases": [ "CVE-2012-3531", "GHSA-p9wg-jvj4-cx26" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3c8n-x9h6-5ybw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44173?format=api", "vulnerability_id": "VCID-531r-qzmx-1yfa", "summary": "Improper Input Validation\nThe t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1608", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00678", "scoring_system": "epss", "scoring_elements": "0.71933", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00678", "scoring_system": "epss", "scoring_elements": "0.71922", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00678", "scoring_system": "epss", "scoring_elements": "0.71962", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00678", "scoring_system": "epss", "scoring_elements": "0.71969", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00678", "scoring_system": "epss", "scoring_elements": "0.71947", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1608" }, { "reference_url": "https://web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2445", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2445" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/30/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1608", "reference_id": "CVE-2012-1608", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1608" }, { "reference_url": "https://github.com/advisories/GHSA-w3v6-r62r-fvqh", "reference_id": "GHSA-w3v6-r62r-fvqh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w3v6-r62r-fvqh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63441?format=api", "purl": "pkg:composer/typo3/cms@4.5.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/63442?format=api", "purl": "pkg:composer/typo3/cms@4.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.7" } ], "aliases": [ "CVE-2012-1608", "GHSA-w3v6-r62r-fvqh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-531r-qzmx-1yfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42981?format=api", "vulnerability_id": "VCID-75xh-4935-mqa9", "summary": "Improper Authentication\nTYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4628", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72621", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72634", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72605", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72653", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0071", "scoring_system": "epss", "scoring_elements": "0.72645", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4628" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Authentication_Delay_Bypass", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Authentication_Delay_Bypass" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4628", "reference_id": "CVE-2011-4628", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4628" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-4628", "reference_id": "CVE-2011-4628", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4628" }, { "reference_url": "https://github.com/advisories/GHSA-79gv-5cgx-x6rx", "reference_id": "GHSA-79gv-5cgx-x6rx", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-79gv-5cgx-x6rx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61475?format=api", "purl": "pkg:composer/typo3/cms@4.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.4" } ], "aliases": [ "CVE-2011-4628", "GHSA-79gv-5cgx-x6rx" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75xh-4935-mqa9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55094?format=api", "vulnerability_id": "VCID-88un-etsg-2qas", "summary": "ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting\nFailing to properly validate the HTTP host-header TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, http(s) enforcement, password reset links and many more. Since the host header itself is provided by the client it can be forged to any value, even in a name based virtual hosts environment. A blog post describes this problem in great detail.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-05-22-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-05-22-1.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/32efb1b03573d51391126c90cd87c74b3dc457fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/32efb1b03573d51391126c90cd87c74b3dc457fb" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/9bd777649e4022c89dbf39ca41988a594b5e94b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/9bd777649e4022c89dbf39ca41988a594b5e94b8" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/c39bca9613c311dd12e61771dd311b1bb2283b8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/c39bca9613c311dd12e61771dd311b1bb2283b8d" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/d554ac5323f3b0fac1fce4c2c491d0123badd669", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/d554ac5323f3b0fac1fce4c2c491d0123badd669" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001" }, { "reference_url": "https://web.archive.org/web/20140531042943/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140531042943/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001" }, { "reference_url": "https://github.com/advisories/GHSA-mxjf-hc9v-xgv2", "reference_id": "GHSA-mxjf-hc9v-xgv2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mxjf-hc9v-xgv2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62894?format=api", "purl": "pkg:composer/typo3/cms@4.5.34", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/62895?format=api", "purl": "pkg:composer/typo3/cms@4.7.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/62897?format=api", "purl": "pkg:composer/typo3/cms@6.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51878?format=api", "purl": "pkg:composer/typo3/cms@6.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ef6-uy9t-mqcu" }, { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-3ump-aca5-g7b6" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-a1kt-str6-rqec" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgn1-hswd-ekdf" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zpxz-291y-x3c7" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.3" } ], "aliases": [ "GHSA-mxjf-hc9v-xgv2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88un-etsg-2qas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111307?format=api", "vulnerability_id": "VCID-8yun-8pau-tkhu", "summary": "Typo3 Extbase Framework Unsafe Deserialization\nThe Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to \"a missing signature (HMAC) for a request argument.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1605", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0094", "scoring_system": "epss", "scoring_elements": "0.76617", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0094", "scoring_system": "epss", "scoring_elements": "0.76602", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0094", "scoring_system": "epss", "scoring_elements": "0.76632", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0094", "scoring_system": "epss", "scoring_elements": "0.76638", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0094", "scoring_system": "epss", "scoring_elements": "0.76628", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1605" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1605", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1605" }, { "reference_url": "https://web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/30/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/4" }, { "reference_url": "https://github.com/advisories/GHSA-7jfm-px59-99w8", "reference_id": "GHSA-7jfm-px59-99w8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7jfm-px59-99w8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63441?format=api", "purl": "pkg:composer/typo3/cms@4.5.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/63442?format=api", "purl": "pkg:composer/typo3/cms@4.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.7" } ], "aliases": [ "CVE-2012-1605", "GHSA-7jfm-px59-99w8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8yun-8pau-tkhu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55084?format=api", "vulnerability_id": "VCID-a1kt-str6-rqec", "summary": "TYPO3 Arbitrary Shell Execution in Swiftmailer library\nThe swiftmailer library in use allows to execute arbitrary shell commands if the \"From\" header comes from a non-trusted source and no \"Return-Path\" is configured. Affected are only TYPO3 installation the configuration option\n```\n$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport']\n```\nis set to \"sendmail\". Installations with the default configuration are not affected.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-10-22-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-10-22-2.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/313c4bba53dd78803a9ee97c1f6f1d450a521521", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/313c4bba53dd78803a9ee97c1f6f1d450a521521" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/6af37574e063929eaab066dd9920b1fa8815da12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/6af37574e063929eaab066dd9920b1fa8815da12" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/dbdd9f22b7cebf43f2e4abdb2a6a8a9f32af8f61", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/dbdd9f22b7cebf43f2e4abdb2a6a8a9f32af8f61" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/ead183c5acf25b7e1121adee5a5860bd9b5f05a2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/ead183c5acf25b7e1121adee5a5860bd9b5f05a2" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2014-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2014-002" }, { "reference_url": "https://github.com/advisories/GHSA-45xg-4w5x-j429", "reference_id": "GHSA-45xg-4w5x-j429", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-45xg-4w5x-j429" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81681?format=api", "purl": "pkg:composer/typo3/cms@4.5.37", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/81680?format=api", "purl": "pkg:composer/typo3/cms@4.7.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f2m-tcjn-fyby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/81679?format=api", "purl": "pkg:composer/typo3/cms@6.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f2m-tcjn-fyby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/51995?format=api", "purl": "pkg:composer/typo3/cms@6.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ef6-uy9t-mqcu" }, { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.6" } ], "aliases": [ "GHSA-45xg-4w5x-j429" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a1kt-str6-rqec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42964?format=api", "vulnerability_id": "VCID-ae89-sz78-kydg", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nIt was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60779", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60735", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60762", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.6079", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00396", "scoring_system": "epss", "scoring_elements": "0.60783", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-3583" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2011-3583", "reference_id": "CVE-2011-3583", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2011-3583" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3583", "reference_id": "CVE-2011-3583", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-3583" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-3583", "reference_id": "CVE-2011-3583", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583" }, { "reference_url": "https://github.com/advisories/GHSA-gx4p-6w86-f8jx", "reference_id": "GHSA-gx4p-6w86-f8jx", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gx4p-6w86-f8jx" } ], "fixed_packages": [], "aliases": [ "CVE-2011-3583", "GHSA-gx4p-6w86-f8jx" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ae89-sz78-kydg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42978?format=api", "vulnerability_id": "VCID-bdx9-qjnn-ybbh", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nTYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4627", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.5448", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54515", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54547", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0031", "scoring_system": "epss", "scoring_elements": "0.54537", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4627" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Information_Disclosure" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4627", "reference_id": "CVE-2011-4627", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4627" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-4627", "reference_id": "CVE-2011-4627", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4627" }, { "reference_url": "https://github.com/advisories/GHSA-frf4-5p2c-c3ff", "reference_id": "GHSA-frf4-5p2c-c3ff", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-frf4-5p2c-c3ff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61475?format=api", "purl": "pkg:composer/typo3/cms@4.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.4" } ], "aliases": [ "CVE-2011-4627", "GHSA-frf4-5p2c-c3ff" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bdx9-qjnn-ybbh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42968?format=api", "vulnerability_id": "VCID-brj5-1b16-fbb2", "summary": "Improper Input Validation\nTYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4902", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33268", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33305", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33289", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33236", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33187", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4902" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Unserialize", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Unserialize" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4902", "reference_id": "CVE-2011-4902", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4902" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-4902", "reference_id": "CVE-2011-4902", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4902" }, { "reference_url": "https://github.com/advisories/GHSA-9vxq-mxw5-mcgp", "reference_id": "GHSA-9vxq-mxw5-mcgp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9vxq-mxw5-mcgp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61475?format=api", "purl": "pkg:composer/typo3/cms@4.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.4" } ], "aliases": [ "CVE-2011-4902", "GHSA-9vxq-mxw5-mcgp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-brj5-1b16-fbb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110997?format=api", "vulnerability_id": "VCID-dz2n-vpss-zqe9", "summary": "TYPO3 allows remote authenticated backend users to unserialize arbitrary objects\nview_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a \"missing signature (HMAC).\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84248", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.8424", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84263", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84266", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.8426", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3527" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3527", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3527" }, { "reference_url": "https://web.archive.org/web/20120817233148/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120817233148/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2537", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2537" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8" }, { "reference_url": "https://github.com/advisories/GHSA-m4hw-r893-xh4g", "reference_id": "GHSA-m4hw-r893-xh4g", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4hw-r893-xh4g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63428?format=api", "purl": "pkg:composer/typo3/cms@4.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/63429?format=api", "purl": "pkg:composer/typo3/cms@4.6.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63430?format=api", "purl": "pkg:composer/typo3/cms@4.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4" } ], "aliases": [ "CVE-2012-3527", "GHSA-m4hw-r893-xh4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dz2n-vpss-zqe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42986?format=api", "vulnerability_id": "VCID-e958-8xq7-1qh4", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4630", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41283", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41314", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.4131", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41252", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41234", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4630" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4630", "reference_id": "CVE-2011-4630", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4630" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-4630", "reference_id": "CVE-2011-4630", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4630" }, { "reference_url": "https://github.com/advisories/GHSA-29wr-24h5-95r5", "reference_id": "GHSA-29wr-24h5-95r5", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-29wr-24h5-95r5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61475?format=api", "purl": "pkg:composer/typo3/cms@4.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.4" } ], "aliases": [ "CVE-2011-4630", "GHSA-29wr-24h5-95r5" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e958-8xq7-1qh4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42985?format=api", "vulnerability_id": "VCID-eku4-xr4n-vbg8", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4632", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41283", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41314", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.4131", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41252", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41234", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4632" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4632", "reference_id": "CVE-2011-4632", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4632" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-4632", "reference_id": "CVE-2011-4632", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4632" }, { "reference_url": "https://github.com/advisories/GHSA-h86g-796f-hhfq", "reference_id": "GHSA-h86g-796f-hhfq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-h86g-796f-hhfq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61475?format=api", "purl": "pkg:composer/typo3/cms@4.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.4" } ], "aliases": [ "CVE-2011-4632", "GHSA-h86g-796f-hhfq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eku4-xr4n-vbg8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111039?format=api", "vulnerability_id": "VCID-emf6-2wa5-2yc7", "summary": "Typo3 Backend History Module Vulnerable to XSS\nCross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41401", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41383", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41458", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41462", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41432", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6145" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79965", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79965" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6145", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6145" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/06/19/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/06/19/4" }, { "reference_url": "https://github.com/advisories/GHSA-w563-rq37-cvq5", "reference_id": "GHSA-w563-rq37-cvq5", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w563-rq37-cvq5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63425?format=api", "purl": "pkg:composer/typo3/cms@4.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/63426?format=api", "purl": "pkg:composer/typo3/cms@4.6.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/63427?format=api", "purl": "pkg:composer/typo3/cms@4.7.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6" } ], "aliases": [ "CVE-2012-6145", "GHSA-w563-rq37-cvq5" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emf6-2wa5-2yc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42961?format=api", "vulnerability_id": "VCID-etsd-q5s7-2qcy", "summary": "Improper Input Validation\nTYPO3 before 4.4.9 and 4.5.x before 4.5.4 does not apply proper access control on ExtDirect calls which allows remote attackers to retrieve ExtDirect endpoint services.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4904", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46775", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46794", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46791", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46746", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00236", "scoring_system": "epss", "scoring_elements": "0.46724", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4904" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Missing_Access_Control", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#Missing_Access_Control" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4904", "reference_id": "CVE-2011-4904", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4904" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-4904", "reference_id": "CVE-2011-4904", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4904" }, { "reference_url": "https://github.com/advisories/GHSA-qf79-34j4-54m6", "reference_id": "GHSA-qf79-34j4-54m6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qf79-34j4-54m6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61475?format=api", "purl": "pkg:composer/typo3/cms@4.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.4" } ], "aliases": [ "CVE-2011-4904", "GHSA-qf79-34j4-54m6" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-etsd-q5s7-2qcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112338?format=api", "vulnerability_id": "VCID-j4zg-ekjr-jycg", "summary": "TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component\nMultiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.", "references": [ { "reference_url": "http://osvdb.org/100881", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/100881" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56624", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56639", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56651", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56645", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56593", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/473", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/473" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/487", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/487" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89620", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89620" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7074", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7074" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2834", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2834" }, { "reference_url": "http://www.securityfocus.com/bid/64245", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/64245" }, { "reference_url": "https://github.com/advisories/GHSA-r8m7-792j-5jvq", "reference_id": "GHSA-r8m7-792j-5jvq", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r8m7-792j-5jvq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63484?format=api", "purl": "pkg:composer/typo3/cms@4.5.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/63485?format=api", "purl": "pkg:composer/typo3/cms@4.7.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/63486?format=api", "purl": "pkg:composer/typo3/cms@6.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63487?format=api", "purl": "pkg:composer/typo3/cms@6.1.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.7" } ], "aliases": [ "CVE-2013-7074", "GHSA-r8m7-792j-5jvq" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4zg-ekjr-jycg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111462?format=api", "vulnerability_id": "VCID-jppr-qkg2-ebc9", "summary": "TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component\nThe Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a \"missing signature.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61556", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61536", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61551", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61563", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61507", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/473", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/473" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7075", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7075" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2834", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2834" }, { "reference_url": "https://github.com/advisories/GHSA-47ww-mq32-g4xw", "reference_id": "GHSA-47ww-mq32-g4xw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-47ww-mq32-g4xw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63484?format=api", "purl": "pkg:composer/typo3/cms@4.5.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/63485?format=api", "purl": "pkg:composer/typo3/cms@4.7.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/63486?format=api", "purl": "pkg:composer/typo3/cms@6.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63487?format=api", "purl": "pkg:composer/typo3/cms@6.1.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.7" } ], "aliases": [ "CVE-2013-7075", "GHSA-47ww-mq32-g4xw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jppr-qkg2-ebc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110882?format=api", "vulnerability_id": "VCID-krup-sey3-x7av", "summary": "TYPO3 allows remote attackers to obtain the database name via a direct request\nThe Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1607", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72428", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72413", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72454", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72461", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00701", "scoring_system": "epss", "scoring_elements": "0.72441", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1607" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1607", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1607" }, { "reference_url": "https://web.archive.org/web/20120426034517/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120426034517/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001" }, { "reference_url": "https://web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2445", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2445" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/03/30/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/03/30/4" }, { "reference_url": "https://github.com/advisories/GHSA-q68v-vcjg-r3vp", "reference_id": "GHSA-q68v-vcjg-r3vp", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q68v-vcjg-r3vp" } ], "fixed_packages": [], "aliases": [ "CVE-2012-1607", "GHSA-q68v-vcjg-r3vp" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-krup-sey3-x7av" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111536?format=api", "vulnerability_id": "VCID-ksmp-ds38-z3dd", "summary": "Typo3 Exception Handler XSS\nCross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.", "references": [ { "reference_url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html" }, { "reference_url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66498", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66476", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66506", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66457", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.6649", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2112" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74920", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74920" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2112", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2112" }, { "reference_url": "https://web.archive.org/web/20120421201555/http://www.securityfocus.com/bid/53047", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120421201555/http://www.securityfocus.com/bid/53047" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2455", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2455" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/04/17/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/04/17/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/04/18/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/04/18/1" }, { "reference_url": "https://github.com/advisories/GHSA-qfr3-29w6-hwpg", "reference_id": "GHSA-qfr3-29w6-hwpg", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qfr3-29w6-hwpg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/153034?format=api", "purl": "pkg:composer/typo3/cms@4.5.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/153035?format=api", "purl": "pkg:composer/typo3/cms@4.6.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.8" } ], "aliases": [ "CVE-2012-2112", "GHSA-qfr3-29w6-hwpg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksmp-ds38-z3dd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44113?format=api", "vulnerability_id": "VCID-mebb-nda6-fbfk", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIncomplete block list vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.69098", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.69071", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.69111", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.6912", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.69113", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3530" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77794", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77794" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2537", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2537" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3530", "reference_id": "CVE-2012-3530", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3530" }, { "reference_url": "https://github.com/advisories/GHSA-94c2-g68f-9r98", "reference_id": "GHSA-94c2-g68f-9r98", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-94c2-g68f-9r98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63428?format=api", "purl": "pkg:composer/typo3/cms@4.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/63429?format=api", "purl": "pkg:composer/typo3/cms@4.6.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63430?format=api", "purl": "pkg:composer/typo3/cms@4.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4" } ], "aliases": [ "CVE-2012-3530", "GHSA-94c2-g68f-9r98" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mebb-nda6-fbfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111747?format=api", "vulnerability_id": "VCID-n8w2-c67q-fkd5", "summary": "Typo3 Backend XSS Vulnerability\nMultiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.67268", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.67249", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.6729", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.67298", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.67285", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3528" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77792", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77792" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3528", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3528" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2537", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2537" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8" }, { "reference_url": "https://github.com/advisories/GHSA-7w6c-5pr4-7qvp", "reference_id": "GHSA-7w6c-5pr4-7qvp", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7w6c-5pr4-7qvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63428?format=api", "purl": "pkg:composer/typo3/cms@4.5.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/63429?format=api", "purl": "pkg:composer/typo3/cms@4.6.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63430?format=api", "purl": "pkg:composer/typo3/cms@4.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4" } ], "aliases": [ "CVE-2012-3528", "GHSA-7w6c-5pr4-7qvp" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8w2-c67q-fkd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44139?format=api", "vulnerability_id": "VCID-nx7p-v66a-vfg1", "summary": "TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component\nThe Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51156", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.5114", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51201", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51207", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51185", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/473", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/473" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/487", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/487" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2834", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2834" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7073", "reference_id": "CVE-2013-7073", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7073" }, { "reference_url": "https://github.com/advisories/GHSA-4rpv-g4gq-rh4m", "reference_id": "GHSA-4rpv-g4gq-rh4m", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4rpv-g4gq-rh4m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63484?format=api", "purl": "pkg:composer/typo3/cms@4.5.32", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.32" }, { "url": "http://public2.vulnerablecode.io/api/packages/63485?format=api", "purl": "pkg:composer/typo3/cms@4.7.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/63486?format=api", "purl": "pkg:composer/typo3/cms@6.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63487?format=api", "purl": "pkg:composer/typo3/cms@6.1.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.7" } ], "aliases": [ "CVE-2013-7073", "GHSA-4rpv-g4gq-rh4m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nx7p-v66a-vfg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44112?format=api", "vulnerability_id": "VCID-ra42-mjmq-cfa6", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69705", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69679", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69719", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69726", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69716", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6144" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79964", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79964" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/06/19/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/06/19/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6144", "reference_id": "CVE-2012-6144", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6144" }, { "reference_url": "https://github.com/advisories/GHSA-947m-vgqc-x6v4", "reference_id": "GHSA-947m-vgqc-x6v4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-947m-vgqc-x6v4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63425?format=api", "purl": "pkg:composer/typo3/cms@4.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/63426?format=api", "purl": "pkg:composer/typo3/cms@4.6.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/63427?format=api", "purl": "pkg:composer/typo3/cms@4.7.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6" } ], "aliases": [ "CVE-2012-6144", "GHSA-947m-vgqc-x6v4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ra42-mjmq-cfa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111509?format=api", "vulnerability_id": "VCID-t9q4-xnmg-p3hz", "summary": "Typo3 Backend API XSS Vulnerability\nCross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41401", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41383", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41458", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41462", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41432", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6147" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79967", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79967" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6147", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6147" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/06/19/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/06/19/4" }, { "reference_url": "https://github.com/advisories/GHSA-qmmw-ch2q-j6xx", "reference_id": "GHSA-qmmw-ch2q-j6xx", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qmmw-ch2q-j6xx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63425?format=api", "purl": "pkg:composer/typo3/cms@4.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/63426?format=api", "purl": "pkg:composer/typo3/cms@4.6.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/63427?format=api", "purl": "pkg:composer/typo3/cms@4.7.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6" } ], "aliases": [ "CVE-2012-6147", "GHSA-qmmw-ch2q-j6xx" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9q4-xnmg-p3hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111984?format=api", "vulnerability_id": "VCID-ue3u-mrsa-3yd2", "summary": "Typo3 Backend History Module Vulnerable to XSS\nThe Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38868", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3892", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38923", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38895", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38832", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6146" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6146", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6146" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/" }, { "reference_url": "https://github.com/advisories/GHSA-2hp4-8h6h-93rr", "reference_id": "GHSA-2hp4-8h6h-93rr", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2hp4-8h6h-93rr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63425?format=api", "purl": "pkg:composer/typo3/cms@4.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/63426?format=api", "purl": "pkg:composer/typo3/cms@4.6.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/63427?format=api", "purl": "pkg:composer/typo3/cms@4.7.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6" } ], "aliases": [ "CVE-2012-6146", "GHSA-2hp4-8h6h-93rr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ue3u-mrsa-3yd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42971?format=api", "vulnerability_id": "VCID-uqt6-d8qh-vbcr", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4903", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56386", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56399", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56392", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56369", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56336", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4903" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-001/#XSS" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4903", "reference_id": "CVE-2011-4903", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4903" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-4903", "reference_id": "CVE-2011-4903", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4903" }, { "reference_url": "https://github.com/advisories/GHSA-q22w-r5qq-v3wf", "reference_id": "GHSA-q22w-r5qq-v3wf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q22w-r5qq-v3wf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61475?format=api", "purl": "pkg:composer/typo3/cms@4.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.4" } ], "aliases": [ "CVE-2011-4903", "GHSA-q22w-r5qq-v3wf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqt6-d8qh-vbcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43798?format=api", "vulnerability_id": "VCID-wasp-gawc-cbca", "summary": "TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code\nThe Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63635", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63644", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63636", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63624", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63594", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2942", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2942" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/06/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/06/03/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3942", "reference_id": "CVE-2014-3942", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3942" }, { "reference_url": "https://github.com/advisories/GHSA-55g3-fjwm-w2c8", "reference_id": "GHSA-55g3-fjwm-w2c8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-55g3-fjwm-w2c8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62894?format=api", "purl": "pkg:composer/typo3/cms@4.5.34", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/62895?format=api", "purl": "pkg:composer/typo3/cms@4.7.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/62896?format=api", "purl": "pkg:composer/typo3/cms@6.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f2m-tcjn-fyby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/62897?format=api", "purl": "pkg:composer/typo3/cms@6.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9" } ], "aliases": [ "CVE-2014-3942", "GHSA-55g3-fjwm-w2c8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wasp-gawc-cbca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112160?format=api", "vulnerability_id": "VCID-wzje-a1jd-2bgx", "summary": "Typo3 Function Menu API XSS Vulnerability\nCross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45192", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45169", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45237", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.4524", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.4522", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6148" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79968", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79968" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6148", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6148" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/" }, { "reference_url": "https://github.com/advisories/GHSA-rgf6-9q7g-55qg", "reference_id": "GHSA-rgf6-9q7g-55qg", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rgf6-9q7g-55qg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63425?format=api", "purl": "pkg:composer/typo3/cms@4.5.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/63426?format=api", "purl": "pkg:composer/typo3/cms@4.6.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.6.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/63427?format=api", "purl": "pkg:composer/typo3/cms@4.7.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6" } ], "aliases": [ "CVE-2012-6148", "GHSA-rgf6-9q7g-55qg" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzje-a1jd-2bgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43930?format=api", "vulnerability_id": "VCID-yphc-ujay-7fcs", "summary": "Typo3 Host Header Spoofing Vulnerability\nTYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to \"Host Spoofing.\"", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51253", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51269", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.5132", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51314", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51299", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2942", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2942" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/06/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/06/03/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3941", "reference_id": "CVE-2014-3941", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3941" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3941.yaml", "reference_id": "CVE-2014-3941.YAML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3941.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-594h-cx6w-p4jf", "reference_id": "GHSA-594h-cx6w-p4jf", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-594h-cx6w-p4jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62894?format=api", "purl": "pkg:composer/typo3/cms@4.5.34", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/62895?format=api", "purl": "pkg:composer/typo3/cms@4.7.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/62896?format=api", "purl": "pkg:composer/typo3/cms@6.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f2m-tcjn-fyby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/62897?format=api", "purl": "pkg:composer/typo3/cms@6.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51878?format=api", "purl": "pkg:composer/typo3/cms@6.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ef6-uy9t-mqcu" }, { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-3ump-aca5-g7b6" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-a1kt-str6-rqec" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgn1-hswd-ekdf" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zpxz-291y-x3c7" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.3" } ], "aliases": [ "CVE-2014-3941", "GHSA-594h-cx6w-p4jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yphc-ujay-7fcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43975?format=api", "vulnerability_id": "VCID-zqe5-53je-mfaw", "summary": "Typo3 XSS Vulnerabilities\nMultiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43151", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43198", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43206", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43123", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43186", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001" }, { "reference_url": "https://web.archive.org/web/20200229060129/http://www.securityfocus.com/bid/67625", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229060129/http://www.securityfocus.com/bid/67625" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2942", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2942" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/06/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/06/03/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3943", "reference_id": "CVE-2014-3943", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3943" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3943.yaml", "reference_id": "CVE-2014-3943.YAML", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3943.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-qqh2-h6gw-6x8x", "reference_id": "GHSA-qqh2-h6gw-6x8x", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qqh2-h6gw-6x8x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62894?format=api", "purl": "pkg:composer/typo3/cms@4.5.34", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.34" }, { "url": "http://public2.vulnerablecode.io/api/packages/62895?format=api", "purl": "pkg:composer/typo3/cms@4.7.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/62896?format=api", "purl": "pkg:composer/typo3/cms@6.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f2m-tcjn-fyby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/62897?format=api", "purl": "pkg:composer/typo3/cms@6.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51878?format=api", "purl": "pkg:composer/typo3/cms@6.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ef6-uy9t-mqcu" }, { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-3ump-aca5-g7b6" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-a1kt-str6-rqec" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgn1-hswd-ekdf" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zpxz-291y-x3c7" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.3" } ], "aliases": [ "CVE-2014-3943", "GHSA-qqh2-h6gw-6x8x" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqe5-53je-mfaw" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.5.0" }