Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62891?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62891?format=api", "purl": "pkg:composer/typo3/cms@4.7.0", "type": "composer", "namespace": "typo3", "name": "cms", "version": "4.7.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "10.4.35", "latest_non_vulnerable_version": "12.2.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111340?format=api", "vulnerability_id": "VCID-1m3k-7uhk-7kbr", "summary": "Typo3 Backend Configuration XSS Vulnerability\nThe configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59395", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00374", "scoring_system": "epss", "scoring_elements": "0.59446", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3529" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77793" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3529", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3529" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2537", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2537" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8" }, { "reference_url": "https://github.com/advisories/GHSA-7gg8-3r6j-5g55", "reference_id": "GHSA-7gg8-3r6j-5g55", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7gg8-3r6j-5g55" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63430?format=api", "purl": "pkg:composer/typo3/cms@4.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4" } ], "aliases": [ "CVE-2012-3529", "GHSA-7gg8-3r6j-5g55" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1m3k-7uhk-7kbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111441?format=api", "vulnerability_id": "VCID-2f2m-tcjn-fyby", "summary": "Typo3 Vulnerable to Cache Poisoning\n**Problem Description:** A request URL with arbitrary arguments, but still pointing to the home page of a TYPO3 installation can be cached if the configuration option `config.prefixLocalAnchors` is used with the values \"all\" or \"cached\". The impact of this vulnerability is that unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the browser when section links are followed by web page visitors, instead of just directly jumping to the requested section of the page. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page.\n\n**Solution:** Removing the configuration options `config.prefixLocalAnchors` (and optionally also config.baseUrl) in favor of `config.absRefPrefix`\n\n**Credits:** Thanks to Gernot Leitgab who discovered and reported the vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9509", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70755", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00633", "scoring_system": "epss", "scoring_elements": "0.70797", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9509" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9509", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-9509" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/" }, { "reference_url": "https://github.com/advisories/GHSA-5479-gqqr-f9gj", "reference_id": "GHSA-5479-gqqr-f9gj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5479-gqqr-f9gj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/152637?format=api", "purl": "pkg:composer/typo3/cms@4.7.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/152638?format=api", "purl": "pkg:composer/typo3/cms@6.0.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/152640?format=api", "purl": "pkg:composer/typo3/cms@6.1.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/52098?format=api", "purl": "pkg:composer/typo3/cms@6.2.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52099?format=api", "purl": "pkg:composer/typo3/cms@7.0.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-28fn-ncj5-2ufk" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-2rmv-a83x-9ka8" }, { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-66kh-c1dm-8fbf" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fdnw-2tz5-4fdr" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-gpv4-4tpd-tbaa" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-hsw8-nbs6-auaa" }, { "vulnerability": "VCID-hyx9-8ae6-sba8" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-jwb1-3sbg-kfa5" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-p576-w7dd-p3h7" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qcnh-z4zh-myaw" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-teby-zvvw-zkhv" }, { "vulnerability": "VCID-tzpj-j3x1-ekgk" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-xvyu-2hb8-8ufh" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.2" } ], "aliases": [ "CVE-2014-9509", "GHSA-5479-gqqr-f9gj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2f2m-tcjn-fyby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112412?format=api", "vulnerability_id": "VCID-3c8n-x9h6-5ybw", "summary": "Typo3 Install Tool XSS Vulnerability\nCross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3531", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48313", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48249", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3531" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78888" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3531", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3531" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2537", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2537" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8" }, { "reference_url": "https://github.com/advisories/GHSA-p9wg-jvj4-cx26", "reference_id": "GHSA-p9wg-jvj4-cx26", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p9wg-jvj4-cx26" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63430?format=api", "purl": "pkg:composer/typo3/cms@4.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4" } ], "aliases": [ "CVE-2012-3531", "GHSA-p9wg-jvj4-cx26" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3c8n-x9h6-5ybw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55094?format=api", "vulnerability_id": "VCID-88un-etsg-2qas", "summary": "ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting\nFailing to properly validate the HTTP host-header TYPO3 CMS is susceptible to host spoofing. TYPO3 uses the HTTP host-header to generate absolute URLs in several places like 404 handling, http(s) enforcement, password reset links and many more. Since the host header itself is provided by the client it can be forged to any value, even in a name based virtual hosts environment. A blog post describes this problem in great detail.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-05-22-1.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-05-22-1.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/32efb1b03573d51391126c90cd87c74b3dc457fb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/32efb1b03573d51391126c90cd87c74b3dc457fb" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/9bd777649e4022c89dbf39ca41988a594b5e94b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/9bd777649e4022c89dbf39ca41988a594b5e94b8" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/c39bca9613c311dd12e61771dd311b1bb2283b8d", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/c39bca9613c311dd12e61771dd311b1bb2283b8d" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/d554ac5323f3b0fac1fce4c2c491d0123badd669", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/d554ac5323f3b0fac1fce4c2c491d0123badd669" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001" }, { "reference_url": "https://web.archive.org/web/20140531042943/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20140531042943/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001" }, { "reference_url": "https://github.com/advisories/GHSA-mxjf-hc9v-xgv2", "reference_id": "GHSA-mxjf-hc9v-xgv2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mxjf-hc9v-xgv2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62895?format=api", "purl": "pkg:composer/typo3/cms@4.7.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/62897?format=api", "purl": "pkg:composer/typo3/cms@6.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51878?format=api", "purl": "pkg:composer/typo3/cms@6.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ef6-uy9t-mqcu" }, { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-3ump-aca5-g7b6" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-a1kt-str6-rqec" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgn1-hswd-ekdf" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zpxz-291y-x3c7" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.3" } ], "aliases": [ "GHSA-mxjf-hc9v-xgv2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-88un-etsg-2qas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55084?format=api", "vulnerability_id": "VCID-a1kt-str6-rqec", "summary": "TYPO3 Arbitrary Shell Execution in Swiftmailer library\nThe swiftmailer library in use allows to execute arbitrary shell commands if the \"From\" header comes from a non-trusted source and no \"Return-Path\" is configured. Affected are only TYPO3 installation the configuration option\n```\n$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport']\n```\nis set to \"sendmail\". Installations with the default configuration are not affected.", "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-10-22-2.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-10-22-2.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/313c4bba53dd78803a9ee97c1f6f1d450a521521", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/313c4bba53dd78803a9ee97c1f6f1d450a521521" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/6af37574e063929eaab066dd9920b1fa8815da12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/6af37574e063929eaab066dd9920b1fa8815da12" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/dbdd9f22b7cebf43f2e4abdb2a6a8a9f32af8f61", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/dbdd9f22b7cebf43f2e4abdb2a6a8a9f32af8f61" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/ead183c5acf25b7e1121adee5a5860bd9b5f05a2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/ead183c5acf25b7e1121adee5a5860bd9b5f05a2" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2014-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2014-002" }, { "reference_url": "https://github.com/advisories/GHSA-45xg-4w5x-j429", "reference_id": "GHSA-45xg-4w5x-j429", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-45xg-4w5x-j429" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81680?format=api", "purl": "pkg:composer/typo3/cms@4.7.20", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f2m-tcjn-fyby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.20" }, { "url": "http://public2.vulnerablecode.io/api/packages/81679?format=api", "purl": "pkg:composer/typo3/cms@6.1.12", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f2m-tcjn-fyby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/51995?format=api", "purl": "pkg:composer/typo3/cms@6.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ef6-uy9t-mqcu" }, { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.6" } ], "aliases": [ "GHSA-45xg-4w5x-j429" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a1kt-str6-rqec" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/110997?format=api", "vulnerability_id": "VCID-dz2n-vpss-zqe9", "summary": "TYPO3 allows remote authenticated backend users to unserialize arbitrary objects\nview_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a \"missing signature (HMAC).\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.8424", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02065", "scoring_system": "epss", "scoring_elements": "0.84263", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3527" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77791" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3527", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3527" }, { "reference_url": "https://web.archive.org/web/20120817233148/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120817233148/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2537", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2537" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8" }, { "reference_url": "https://github.com/advisories/GHSA-m4hw-r893-xh4g", "reference_id": "GHSA-m4hw-r893-xh4g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m4hw-r893-xh4g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63430?format=api", "purl": "pkg:composer/typo3/cms@4.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4" } ], "aliases": [ "CVE-2012-3527", "GHSA-m4hw-r893-xh4g" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dz2n-vpss-zqe9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111039?format=api", "vulnerability_id": "VCID-emf6-2wa5-2yc7", "summary": "Typo3 Backend History Module Vulnerable to XSS\nCross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6145", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41383", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41458", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6145" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79965", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79965" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6145", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6145" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/06/19/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/06/19/4" }, { "reference_url": "https://github.com/advisories/GHSA-w563-rq37-cvq5", "reference_id": "GHSA-w563-rq37-cvq5", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w563-rq37-cvq5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63427?format=api", "purl": "pkg:composer/typo3/cms@4.7.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6" } ], "aliases": [ "CVE-2012-6145", "GHSA-w563-rq37-cvq5" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emf6-2wa5-2yc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112338?format=api", "vulnerability_id": "VCID-j4zg-ekjr-jycg", "summary": "TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component\nMultiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.", "references": [ { "reference_url": "http://osvdb.org/100881", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://osvdb.org/100881" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7074", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56645", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56593", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/473", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/473" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/487", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/487" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89620", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89620" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7074", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7074" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2834", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2834" }, { "reference_url": "http://www.securityfocus.com/bid/64245", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/64245" }, { "reference_url": "https://github.com/advisories/GHSA-r8m7-792j-5jvq", "reference_id": "GHSA-r8m7-792j-5jvq", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-r8m7-792j-5jvq" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63485?format=api", "purl": "pkg:composer/typo3/cms@4.7.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/63486?format=api", "purl": "pkg:composer/typo3/cms@6.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63487?format=api", "purl": "pkg:composer/typo3/cms@6.1.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.7" } ], "aliases": [ "CVE-2013-7074", "GHSA-r8m7-792j-5jvq" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j4zg-ekjr-jycg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111462?format=api", "vulnerability_id": "VCID-jppr-qkg2-ebc9", "summary": "TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component\nThe Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a \"missing signature.\"", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7075", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61556", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61507", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/473", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/473" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7075", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7075" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2834", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2834" }, { "reference_url": "https://github.com/advisories/GHSA-47ww-mq32-g4xw", "reference_id": "GHSA-47ww-mq32-g4xw", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-47ww-mq32-g4xw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63485?format=api", "purl": "pkg:composer/typo3/cms@4.7.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/63486?format=api", "purl": "pkg:composer/typo3/cms@6.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63487?format=api", "purl": "pkg:composer/typo3/cms@6.1.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.7" } ], "aliases": [ "CVE-2013-7075", "GHSA-47ww-mq32-g4xw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jppr-qkg2-ebc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111536?format=api", "vulnerability_id": "VCID-ksmp-ds38-z3dd", "summary": "Typo3 Exception Handler XSS\nCross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.", "references": [ { "reference_url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html" }, { "reference_url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2112", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66457", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00503", "scoring_system": "epss", "scoring_elements": "0.66498", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2112" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74920", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74920" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2112", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2112" }, { "reference_url": "https://web.archive.org/web/20120421201555/http://www.securityfocus.com/bid/53047", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20120421201555/http://www.securityfocus.com/bid/53047" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2455", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2455" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/04/17/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/04/17/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/04/18/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/04/18/1" }, { "reference_url": "https://github.com/advisories/GHSA-qfr3-29w6-hwpg", "reference_id": "GHSA-qfr3-29w6-hwpg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qfr3-29w6-hwpg" } ], "fixed_packages": [], "aliases": [ "CVE-2012-2112", "GHSA-qfr3-29w6-hwpg" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ksmp-ds38-z3dd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44113?format=api", "vulnerability_id": "VCID-mebb-nda6-fbfk", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIncomplete block list vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3530", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.69071", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00573", "scoring_system": "epss", "scoring_elements": "0.69111", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3530" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77794", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77794" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2537", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2537" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3530", "reference_id": "CVE-2012-3530", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3530" }, { "reference_url": "https://github.com/advisories/GHSA-94c2-g68f-9r98", "reference_id": "GHSA-94c2-g68f-9r98", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-94c2-g68f-9r98" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63430?format=api", "purl": "pkg:composer/typo3/cms@4.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4" } ], "aliases": [ "CVE-2012-3530", "GHSA-94c2-g68f-9r98" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mebb-nda6-fbfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111747?format=api", "vulnerability_id": "VCID-n8w2-c67q-fkd5", "summary": "Typo3 Backend XSS Vulnerability\nMultiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3528", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.6729", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00522", "scoring_system": "epss", "scoring_elements": "0.67249", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3528" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77792", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77792" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3528", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3528" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2537", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2012/dsa-2537" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/08/22/8", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2012/08/22/8" }, { "reference_url": "https://github.com/advisories/GHSA-7w6c-5pr4-7qvp", "reference_id": "GHSA-7w6c-5pr4-7qvp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-7w6c-5pr4-7qvp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63430?format=api", "purl": "pkg:composer/typo3/cms@4.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4" } ], "aliases": [ "CVE-2012-3528", "GHSA-7w6c-5pr4-7qvp" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8w2-c67q-fkd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44139?format=api", "vulnerability_id": "VCID-nx7p-v66a-vfg1", "summary": "TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component\nThe Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.51201", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00275", "scoring_system": "epss", "scoring_elements": "0.5114", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/473", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/473" }, { "reference_url": "http://seclists.org/oss-sec/2013/q4/487", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/oss-sec/2013/q4/487" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2834", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2834" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7073", "reference_id": "CVE-2013-7073", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7073" }, { "reference_url": "https://github.com/advisories/GHSA-4rpv-g4gq-rh4m", "reference_id": "GHSA-4rpv-g4gq-rh4m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4rpv-g4gq-rh4m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63485?format=api", "purl": "pkg:composer/typo3/cms@4.7.17", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/63486?format=api", "purl": "pkg:composer/typo3/cms@6.0.12", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.12" }, { "url": "http://public2.vulnerablecode.io/api/packages/63487?format=api", "purl": "pkg:composer/typo3/cms@6.1.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.7" } ], "aliases": [ "CVE-2013-7073", "GHSA-4rpv-g4gq-rh4m" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nx7p-v66a-vfg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44112?format=api", "vulnerability_id": "VCID-ra42-mjmq-cfa6", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6144", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69679", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00595", "scoring_system": "epss", "scoring_elements": "0.69719", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6144" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79964", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79964" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/06/19/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/06/19/4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6144", "reference_id": "CVE-2012-6144", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6144" }, { "reference_url": "https://github.com/advisories/GHSA-947m-vgqc-x6v4", "reference_id": "GHSA-947m-vgqc-x6v4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-947m-vgqc-x6v4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63427?format=api", "purl": "pkg:composer/typo3/cms@4.7.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6" } ], "aliases": [ "CVE-2012-6144", "GHSA-947m-vgqc-x6v4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ra42-mjmq-cfa6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111509?format=api", "vulnerability_id": "VCID-t9q4-xnmg-p3hz", "summary": "Typo3 Backend API XSS Vulnerability\nCross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41458", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00196", "scoring_system": "epss", "scoring_elements": "0.41383", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6147" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79967", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79967" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6147", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6147" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/06/19/4", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2013/06/19/4" }, { "reference_url": "https://github.com/advisories/GHSA-qmmw-ch2q-j6xx", "reference_id": "GHSA-qmmw-ch2q-j6xx", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qmmw-ch2q-j6xx" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63427?format=api", "purl": "pkg:composer/typo3/cms@4.7.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6" } ], "aliases": [ "CVE-2012-6147", "GHSA-qmmw-ch2q-j6xx" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t9q4-xnmg-p3hz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/111984?format=api", "vulnerability_id": "VCID-ue3u-mrsa-3yd2", "summary": "Typo3 Backend History Module Vulnerable to XSS\nThe Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6146", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.38832", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00176", "scoring_system": "epss", "scoring_elements": "0.3892", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6146" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6146", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6146" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/" }, { "reference_url": "https://github.com/advisories/GHSA-2hp4-8h6h-93rr", "reference_id": "GHSA-2hp4-8h6h-93rr", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2hp4-8h6h-93rr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63427?format=api", "purl": "pkg:composer/typo3/cms@4.7.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6" } ], "aliases": [ "CVE-2012-6146", "GHSA-2hp4-8h6h-93rr" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ue3u-mrsa-3yd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43798?format=api", "vulnerability_id": "VCID-wasp-gawc-cbca", "summary": "TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code\nThe Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3942", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63636", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00442", "scoring_system": "epss", "scoring_elements": "0.63594", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2942", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2942" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/06/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/06/03/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3942", "reference_id": "CVE-2014-3942", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3942" }, { "reference_url": "https://github.com/advisories/GHSA-55g3-fjwm-w2c8", "reference_id": "GHSA-55g3-fjwm-w2c8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-55g3-fjwm-w2c8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62895?format=api", "purl": "pkg:composer/typo3/cms@4.7.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/62896?format=api", "purl": "pkg:composer/typo3/cms@6.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f2m-tcjn-fyby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/62897?format=api", "purl": "pkg:composer/typo3/cms@6.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9" } ], "aliases": [ "CVE-2014-3942", "GHSA-55g3-fjwm-w2c8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wasp-gawc-cbca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/112160?format=api", "vulnerability_id": "VCID-wzje-a1jd-2bgx", "summary": "Typo3 Function Menu API XSS Vulnerability\nCross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6148", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45169", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45237", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-6148" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79968", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79968" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6148", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6148" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/" }, { "reference_url": "https://github.com/advisories/GHSA-rgf6-9q7g-55qg", "reference_id": "GHSA-rgf6-9q7g-55qg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-rgf6-9q7g-55qg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/63427?format=api", "purl": "pkg:composer/typo3/cms@4.7.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6" } ], "aliases": [ "CVE-2012-6148", "GHSA-rgf6-9q7g-55qg" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wzje-a1jd-2bgx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43930?format=api", "vulnerability_id": "VCID-yphc-ujay-7fcs", "summary": "Typo3 Host Header Spoofing Vulnerability\nTYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to \"Host Spoofing.\"", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3941", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51314", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00276", "scoring_system": "epss", "scoring_elements": "0.51253", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001" }, { "reference_url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2942", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2942" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/06/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/06/03/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3941", "reference_id": "CVE-2014-3941", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3941" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3941.yaml", "reference_id": "CVE-2014-3941.YAML", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3941.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-594h-cx6w-p4jf", "reference_id": "GHSA-594h-cx6w-p4jf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-594h-cx6w-p4jf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62895?format=api", "purl": "pkg:composer/typo3/cms@4.7.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/62896?format=api", "purl": "pkg:composer/typo3/cms@6.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f2m-tcjn-fyby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/62897?format=api", "purl": "pkg:composer/typo3/cms@6.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51878?format=api", "purl": "pkg:composer/typo3/cms@6.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ef6-uy9t-mqcu" }, { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-3ump-aca5-g7b6" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-a1kt-str6-rqec" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgn1-hswd-ekdf" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zpxz-291y-x3c7" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.3" } ], "aliases": [ "CVE-2014-3941", "GHSA-594h-cx6w-p4jf" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yphc-ujay-7fcs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43975?format=api", "vulnerability_id": "VCID-zqe5-53je-mfaw", "summary": "Typo3 XSS Vulnerabilities\nMultiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3943", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43198", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00208", "scoring_system": "epss", "scoring_elements": "0.43123", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2014-001" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001" }, { "reference_url": "https://web.archive.org/web/20200229060129/http://www.securityfocus.com/bid/67625", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20200229060129/http://www.securityfocus.com/bid/67625" }, { "reference_url": "http://www.debian.org/security/2014/dsa-2942", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2014/dsa-2942" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2014/06/03/2", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2014/06/03/2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3943", "reference_id": "CVE-2014-3943", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3943" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3943.yaml", "reference_id": "CVE-2014-3943.YAML", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3943.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-qqh2-h6gw-6x8x", "reference_id": "GHSA-qqh2-h6gw-6x8x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-qqh2-h6gw-6x8x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62895?format=api", "purl": "pkg:composer/typo3/cms@4.7.19", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19" }, { "url": "http://public2.vulnerablecode.io/api/packages/62896?format=api", "purl": "pkg:composer/typo3/cms@6.0.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2f2m-tcjn-fyby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/62897?format=api", "purl": "pkg:composer/typo3/cms@6.1.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/51878?format=api", "purl": "pkg:composer/typo3/cms@6.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ef6-uy9t-mqcu" }, { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-3ump-aca5-g7b6" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-a1kt-str6-rqec" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgn1-hswd-ekdf" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zpxz-291y-x3c7" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" }, { "vulnerability": "VCID-zybp-mb3d-jyee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.3" } ], "aliases": [ "CVE-2014-3943", "GHSA-qqh2-h6gw-6x8x" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zqe5-53je-mfaw" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.0" }