Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms@4.1.10
Typecomposer
Namespacetypo3
Namecms
Version4.1.10
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version4.1.13
Latest_non_vulnerable_version12.2.0
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-4hgv-3p24-87hd
vulnerability_id VCID-4hgv-3p24-87hd
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
references
0
reference_url https://web.archive.org/web/20210507104956/http://www.securitytracker.com/id?1021709
reference_id
reference_type
scores
url https://web.archive.org/web/20210507104956/http://www.securitytracker.com/id?1021709
1
reference_url http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/
reference_id
reference_type
scores
url http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/
2
reference_url http://www.debian.org/security/2009/dsa-1720
reference_id
reference_type
scores
url http://www.debian.org/security/2009/dsa-1720
3
reference_url http://www.openwall.com/lists/oss-security/2009/02/10/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2009/02/10/6
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-0816
reference_id CVE-2009-0816
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2009-0816
5
reference_url https://github.com/advisories/GHSA-jg55-3q6h-2ccf
reference_id GHSA-jg55-3q6h-2ccf
reference_type
scores
url https://github.com/advisories/GHSA-jg55-3q6h-2ccf
fixed_packages
0
url pkg:composer/typo3/cms@4.0.12
purl pkg:composer/typo3/cms@4.0.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.0.12
1
url pkg:composer/typo3/cms@4.1.10
purl pkg:composer/typo3/cms@4.1.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.1.10
2
url pkg:composer/typo3/cms@4.2.6
purl pkg:composer/typo3/cms@4.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.6
aliases CVE-2009-0816, GHSA-jg55-3q6h-2ccf
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgv-3p24-87hd
1
url VCID-pdhc-93r6-yfds
vulnerability_id VCID-pdhc-93r6-yfds
summary 
TYPO3 leaks a hash secret in an error message
The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
references
0
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
url https://github.com/TYPO3/typo3
1
reference_url https://web.archive.org/web/20091206080208/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002
reference_id
reference_type
scores
url https://web.archive.org/web/20091206080208/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002
2
reference_url https://web.archive.org/web/20200915000000*/http://www.securitytracker.com/id?1021710
reference_id
reference_type
scores
url https://web.archive.org/web/20200915000000*/http://www.securitytracker.com/id?1021710
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2009-0815
reference_id CVE-2009-0815
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2009-0815
4
reference_url https://github.com/advisories/GHSA-c22j-84c7-cm77
reference_id GHSA-c22j-84c7-cm77
reference_type
scores
url https://github.com/advisories/GHSA-c22j-84c7-cm77
fixed_packages
0
url pkg:composer/typo3/cms@4.0.12
purl pkg:composer/typo3/cms@4.0.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.0.12
1
url pkg:composer/typo3/cms@4.1.10
purl pkg:composer/typo3/cms@4.1.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.1.10
2
url pkg:composer/typo3/cms@4.2.6
purl pkg:composer/typo3/cms@4.2.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.6
aliases CVE-2009-0815, GHSA-c22j-84c7-cm77
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pdhc-93r6-yfds
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.1.10