Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/typo3/cms-core@8.7.7

Type composer

Namespace typo3

Name cms-core

Version 8.7.7

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 9.5.25

Latest_non_vulnerable_version 14.0.2

Affected_by_vulnerabilities

url VCID-1ffs-9vj5-27hk

vulnerability_id VCID-1ffs-9vj5-27hk

summary

Path Traversal
Due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21357

reference_id

reference_type

scores

value	0.01121
scoring_system	epss
scoring_elements	0.78584
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21357

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml

reference_url

https://packagist.org/packages/typo3/cms-form

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-form

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2021-003

reference_id

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2021-003

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21357

reference_id

CVE-2021-21357

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21357

reference_url	https://github.com/advisories/GHSA-3vg7-jw9m-pc3f
reference_id	GHSA-3vg7-jw9m-pc3f
reference_type
scores
url	https://github.com/advisories/GHSA-3vg7-jw9m-pc3f

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f

reference_id

GHSA-3vg7-jw9m-pc3f

reference_type

scores

value	8.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f

fixed_packages

url pkg:composer/typo3/cms-core@8.7.40

purl pkg:composer/typo3/cms-core@8.7.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-uq77-aax5-k7d8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40

url	pkg:composer/typo3/cms-core@9.5.25
purl	pkg:composer/typo3/cms-core@9.5.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25

url	pkg:composer/typo3/cms-core@10.4.14
purl	pkg:composer/typo3/cms-core@10.4.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14

url	pkg:composer/typo3/cms-core@11.1.1
purl	pkg:composer/typo3/cms-core@11.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1

aliases CVE-2021-21357, GHSA-3vg7-jw9m-pc3f

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1ffs-9vj5-27hk

url VCID-1knh-es99-dubw

vulnerability_id VCID-1knh-es99-dubw

summary

Code Injection
Arbitrary Code Execution and Cross-Site Scripting in Backend API.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-019/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-019/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.27

purl pkg:composer/typo3/cms-core@8.7.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27

url pkg:composer/typo3/cms-core@9.5.8

purl pkg:composer/typo3/cms-core@9.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8

aliases GMS-2019-168

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1knh-es99-dubw

url VCID-1prg-c74k-37ec

vulnerability_id VCID-1prg-c74k-37ec

summary

Code Injection
Arbitrary Code Execution via File List Module.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-008/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-008/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.23

purl pkg:composer/typo3/cms-core@8.7.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23

url pkg:composer/typo3/cms-core@9.5.4

purl pkg:composer/typo3/cms-core@9.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4

aliases GMS-2019-158

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1prg-c74k-37ec

url VCID-2m67-xdxz-ryc2

vulnerability_id VCID-2m67-xdxz-ryc2

summary

Improper Authentication
Authentication Bypass in TYPO3 CMS.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-001/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-001/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.17

purl pkg:composer/typo3/cms-core@8.7.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-b92x-56ng-3ygy

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-daz8-j1ns-rkgt

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-e9jc-8mpp-fkgh

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-nyw8-q5ef-2fcv

vulnerability	VCID-pwh8-c992-vqav

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-uaf3-fyst-u7gm

vulnerability	VCID-uncp-sa58-ufdd

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-z2bk-m2kw-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17

url pkg:composer/typo3/cms-core@9.3.2

purl pkg:composer/typo3/cms-core@9.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-daz8-j1ns-rkgt

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-e9jc-8mpp-fkgh

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-nyw8-q5ef-2fcv

vulnerability	VCID-pwh8-c992-vqav

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-uaf3-fyst-u7gm

vulnerability	VCID-uncp-sa58-ufdd

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-z2bk-m2kw-h3c9

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2

aliases GMS-2018-81

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m67-xdxz-ryc2

url VCID-6ffw-r4k7-5qf8

vulnerability_id VCID-6ffw-r4k7-5qf8

summary Security Misconfiguration in Frontend Session Handling.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-018/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-018/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.27

purl pkg:composer/typo3/cms-core@8.7.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27

url pkg:composer/typo3/cms-core@9.5.8

purl pkg:composer/typo3/cms-core@9.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8

aliases GMS-2019-167

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ffw-r4k7-5qf8

url VCID-6q7t-kdrg-8qc3

vulnerability_id VCID-6q7t-kdrg-8qc3

summary Security Misconfiguration for Backend User Accounts.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-002/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-002/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.23

purl pkg:composer/typo3/cms-core@8.7.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23

url pkg:composer/typo3/cms-core@9.5.4

purl pkg:composer/typo3/cms-core@9.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4

aliases GMS-2019-153

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6q7t-kdrg-8qc3

url VCID-6rgp-dzw1-kycx

vulnerability_id VCID-6rgp-dzw1-kycx

summary

Cross-site Scripting
Cross-Site Scripting in Bootstrap CSS toolkit.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-006/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-006/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.23

purl pkg:composer/typo3/cms-core@8.7.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23

url pkg:composer/typo3/cms-core@9.5.4

purl pkg:composer/typo3/cms-core@9.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4

aliases GMS-2019-156

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6rgp-dzw1-kycx

url VCID-7ch1-q9f4-a7bt

vulnerability_id VCID-7ch1-q9f4-a7bt

summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
In Bootstrap, XSS is possible in the data-target property of scrollspy.

references

reference_url

http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html

reference_url

http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html

reference_url

https://access.redhat.com/errata/RHSA-2019:1456

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2019:1456

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14041

reference_id

reference_type

scores

value	0.07723
scoring_system	epss
scoring_elements	0.92076
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14041

reference_url

https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3
scoring_elements

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2

reference_url

http://seclists.org/fulldisclosure/2019/May/10

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2019/May/10

reference_url

http://seclists.org/fulldisclosure/2019/May/11

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2019/May/11

reference_url

http://seclists.org/fulldisclosure/2019/May/13

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://seclists.org/fulldisclosure/2019/May/13

reference_url

https://github.com/twbs/bootstrap

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/twbs/bootstrap

reference_url

https://github.com/twbs/bootstrap/issues/26423

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/twbs/bootstrap/issues/26423

reference_url

https://github.com/twbs/bootstrap/issues/26627

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/twbs/bootstrap/issues/26627

reference_url

https://github.com/twbs/bootstrap/pull/26630

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/twbs/bootstrap/pull/26630

reference_url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E

reference_url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E

reference_url

https://seclists.org/bugtraq/2019/May/18

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://seclists.org/bugtraq/2019/May/18

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2019-006

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2019-006

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1601616
reference_id	1601616
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1601616

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-14041

reference_id

CVE-2018-14041

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-14041

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml

reference_id

CVE-2018-14041.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml

reference_id

CVE-2018-14041.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml

reference_url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml

reference_id

CVE-2018-14041.YML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml

reference_url	https://github.com/advisories/GHSA-pj7m-g53m-7638
reference_id	GHSA-pj7m-g53m-7638
reference_type
scores
url	https://github.com/advisories/GHSA-pj7m-g53m-7638

reference_url	https://access.redhat.com/errata/RHSA-2023:0552
reference_id	RHSA-2023:0552
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0552

reference_url	https://access.redhat.com/errata/RHSA-2023:0553
reference_id	RHSA-2023:0553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0553

reference_url	https://access.redhat.com/errata/RHSA-2023:0554
reference_id	RHSA-2023:0554
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0554

reference_url	https://access.redhat.com/errata/RHSA-2023:0556
reference_id	RHSA-2023:0556
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0556

reference_url	https://access.redhat.com/errata/RHSA-2023:5693
reference_id	RHSA-2023:5693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5693

fixed_packages

url pkg:composer/typo3/cms-core@8.7.23

purl pkg:composer/typo3/cms-core@8.7.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23

url pkg:composer/typo3/cms-core@9.5.4

purl pkg:composer/typo3/cms-core@9.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4

aliases CVE-2018-14041, GHSA-pj7m-g53m-7638

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7ch1-q9f4-a7bt

url VCID-82ds-xda8-5ye4

vulnerability_id VCID-82ds-xda8-5ye4

summary Insecure Deserialization in TYPO3 CMS.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-020/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-020/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.27

purl pkg:composer/typo3/cms-core@8.7.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27

url pkg:composer/typo3/cms-core@9.5.8

purl pkg:composer/typo3/cms-core@9.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8

aliases GMS-2019-169

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-82ds-xda8-5ye4

url VCID-848u-w88s-5bbe

vulnerability_id VCID-848u-w88s-5bbe

summary

Unrestricted Upload of File with Dangerous Type
Due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Additionally, `_UploadedFileReferenceConverter_` transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, `_UploadedFileReferenceConverter_` accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location `_/fileadmin/user_upload/_`, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21355

reference_id

reference_type

scores

value	0.00416
scoring_system	epss
scoring_elements	0.62059
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21355

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml

reference_url

https://packagist.org/packages/typo3/cms-form

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-form

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2021-002

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2021-002

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21355

reference_id

CVE-2021-21355

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21355

reference_url	https://github.com/advisories/GHSA-2r6j-862c-m2v2
reference_id	GHSA-2r6j-862c-m2v2
reference_type
scores
url	https://github.com/advisories/GHSA-2r6j-862c-m2v2

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2

reference_id

GHSA-2r6j-862c-m2v2

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2

fixed_packages

url pkg:composer/typo3/cms-core@8.7.40

purl pkg:composer/typo3/cms-core@8.7.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-uq77-aax5-k7d8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40

url	pkg:composer/typo3/cms-core@9.5.25
purl	pkg:composer/typo3/cms-core@9.5.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25

url	pkg:composer/typo3/cms-core@10.4.14
purl	pkg:composer/typo3/cms-core@10.4.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14

url	pkg:composer/typo3/cms-core@11.1.1
purl	pkg:composer/typo3/cms-core@11.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1

aliases CVE-2021-21355, GHSA-2r6j-862c-m2v2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-848u-w88s-5bbe

url VCID-8sek-v483-8ueu

vulnerability_id VCID-8sek-v483-8ueu

summary

Code Injection
Possible Arbitrary Code Execution in Image Processing.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-012/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-012/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.25

purl pkg:composer/typo3/cms-core@8.7.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-cbmm-1b2k-8qaz

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.25

url pkg:composer/typo3/cms-core@9.5.6

purl pkg:composer/typo3/cms-core@9.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cbmm-1b2k-8qaz

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.6

aliases GMS-2019-162

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8sek-v483-8ueu

url VCID-b92x-56ng-3ygy

vulnerability_id VCID-b92x-56ng-3ygy

summary

Uncontrolled Resource Consumption
Denial of Service in Frontend Record Registration.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-012/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-012/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.21

purl pkg:composer/typo3/cms-core@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-wm4a-hcvt-vkbk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21

url pkg:composer/typo3/cms-core@9.0.0

purl pkg:composer/typo3/cms-core@9.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11sw-6x9k-vued

vulnerability	VCID-13up-fwbr-17am

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-2m67-xdxz-ryc2

vulnerability	VCID-2rhr-8vaz-hqfj

vulnerability	VCID-2rmv-a83x-9ka8

vulnerability	VCID-36cz-khgc-6fft

vulnerability	VCID-3ebd-765h-j3g7

vulnerability	VCID-3hta-35zx-zuc4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4q6d-bd3h-t7f4

vulnerability	VCID-4rfq-u488-sbh5

vulnerability	VCID-51k2-j834-pffb

vulnerability	VCID-5k47-9k7t-rqak

vulnerability	VCID-5nq2-nchj-fkc8

vulnerability	VCID-5ync-ktk5-23gh

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-6xgm-uan4-u7fu

vulnerability	VCID-78ff-k66z-bkh7

vulnerability	VCID-7auq-pwty-pkfh

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7r4g-gxc6-hubh

vulnerability	VCID-7snt-7hyt-1fbx

vulnerability	VCID-8216-asqx-f7eb

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-87ej-qn3k-t3dy

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-9c49-n1a2-pubu

vulnerability	VCID-9mpc-hjjh-u3d2

vulnerability	VCID-a1g9-pyz5-9fca

vulnerability	VCID-an3r-c2yp-1bbd

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-bzqv-s7g3-wff9

vulnerability	VCID-cf9m-qdyj-eyav

vulnerability	VCID-cgny-nmk3-4fcd

vulnerability	VCID-cq82-qt6v-dfhz

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-daz8-j1ns-rkgt

vulnerability	VCID-dzrt-8tny-kbcy

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-e9jc-8mpp-fkgh

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-eq57-btkt-hug8

vulnerability	VCID-etcc-43a3-a7ek

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-f9pk-cwyr-a7cv

vulnerability	VCID-fgkd-jp96-cbcs

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-g3t9-1yx2-6ufd

vulnerability	VCID-gbev-1zs8-8bac

vulnerability	VCID-gemf-j9uj-jka1

vulnerability	VCID-gvag-nxmd-s7d1

vulnerability	VCID-hfcx-1kuh-p3ez

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-hr6r-88m3-9udv

vulnerability	VCID-hsw8-nbs6-auaa

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-ke39-846j-kbh3

vulnerability	VCID-myhc-dyh9-xygg

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-nyw8-q5ef-2fcv

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pwh8-c992-vqav

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-qtyt-338b-ayay

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-rzx5-nv6h-qqhg

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-tzpj-j3x1-ekgk

vulnerability	VCID-uaf3-fyst-u7gm

vulnerability	VCID-uhrk-ad4f-nqgh

vulnerability	VCID-un7r-8sah-33cr

vulnerability	VCID-uncp-sa58-ufdd

vulnerability	VCID-uq77-aax5-k7d8

vulnerability	VCID-uua1-9rt1-dfbz

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-w94g-xxea-23fb

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x3n3-tsjh-8kby

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y3zj-acc7-jkau

vulnerability	VCID-yf3d-yyzq-guh1

vulnerability	VCID-ygw1-vqxg-z3h3

100

vulnerability	VCID-z2bk-m2kw-h3c9

101

vulnerability	VCID-z718-97ez-r7g3

102

vulnerability	VCID-zbm9-cx69-wqg3

103

vulnerability	VCID-zeut-9wfp-q7et

104

vulnerability	VCID-zhcb-h8ph-7uhk

105

vulnerability	VCID-zkvq-bms4-gfcv

106

vulnerability	VCID-zybp-mb3d-jyee

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0

aliases GMS-2018-91

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b92x-56ng-3ygy

url VCID-cf9m-qdyj-eyav

vulnerability_id VCID-cf9m-qdyj-eyav

summary Privilege Escalation & SQL Injection in TYPO3 CMS.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-003/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-003/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.17

purl pkg:composer/typo3/cms-core@8.7.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-b92x-56ng-3ygy

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-daz8-j1ns-rkgt

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-e9jc-8mpp-fkgh

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-nyw8-q5ef-2fcv

vulnerability	VCID-pwh8-c992-vqav

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-uaf3-fyst-u7gm

vulnerability	VCID-uncp-sa58-ufdd

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-z2bk-m2kw-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17

url pkg:composer/typo3/cms-core@9.3.2

purl pkg:composer/typo3/cms-core@9.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-daz8-j1ns-rkgt

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-e9jc-8mpp-fkgh

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-nyw8-q5ef-2fcv

vulnerability	VCID-pwh8-c992-vqav

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-uaf3-fyst-u7gm

vulnerability	VCID-uncp-sa58-ufdd

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-z2bk-m2kw-h3c9

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2

aliases GMS-2018-83

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cf9m-qdyj-eyav

url VCID-cg7w-xkyg-abgj

vulnerability_id VCID-cg7w-xkyg-abgj

summary

Improper Access Control
Broken Access Control in Localization Handling.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-003/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-003/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.23

purl pkg:composer/typo3/cms-core@8.7.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23

url pkg:composer/typo3/cms-core@9.0.0

purl pkg:composer/typo3/cms-core@9.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-11sw-6x9k-vued

vulnerability	VCID-13up-fwbr-17am

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-2m67-xdxz-ryc2

vulnerability	VCID-2rhr-8vaz-hqfj

vulnerability	VCID-2rmv-a83x-9ka8

vulnerability	VCID-36cz-khgc-6fft

vulnerability	VCID-3ebd-765h-j3g7

vulnerability	VCID-3hta-35zx-zuc4

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-4q6d-bd3h-t7f4

vulnerability	VCID-4rfq-u488-sbh5

vulnerability	VCID-51k2-j834-pffb

vulnerability	VCID-5k47-9k7t-rqak

vulnerability	VCID-5nq2-nchj-fkc8

vulnerability	VCID-5ync-ktk5-23gh

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-6xgm-uan4-u7fu

vulnerability	VCID-78ff-k66z-bkh7

vulnerability	VCID-7auq-pwty-pkfh

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-7r4g-gxc6-hubh

vulnerability	VCID-7snt-7hyt-1fbx

vulnerability	VCID-8216-asqx-f7eb

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-87ej-qn3k-t3dy

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-9c49-n1a2-pubu

vulnerability	VCID-9mpc-hjjh-u3d2

vulnerability	VCID-a1g9-pyz5-9fca

vulnerability	VCID-an3r-c2yp-1bbd

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-bzqv-s7g3-wff9

vulnerability	VCID-cf9m-qdyj-eyav

vulnerability	VCID-cgny-nmk3-4fcd

vulnerability	VCID-cq82-qt6v-dfhz

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-daz8-j1ns-rkgt

vulnerability	VCID-dzrt-8tny-kbcy

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-e9jc-8mpp-fkgh

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-eq57-btkt-hug8

vulnerability	VCID-etcc-43a3-a7ek

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-f9pk-cwyr-a7cv

vulnerability	VCID-fgkd-jp96-cbcs

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-g3t9-1yx2-6ufd

vulnerability	VCID-gbev-1zs8-8bac

vulnerability	VCID-gemf-j9uj-jka1

vulnerability	VCID-gvag-nxmd-s7d1

vulnerability	VCID-hfcx-1kuh-p3ez

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-hr6r-88m3-9udv

vulnerability	VCID-hsw8-nbs6-auaa

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-ke39-846j-kbh3

vulnerability	VCID-myhc-dyh9-xygg

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-nyw8-q5ef-2fcv

vulnerability	VCID-p7gd-anw2-1qbz

vulnerability	VCID-pwh8-c992-vqav

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-qtyt-338b-ayay

vulnerability	VCID-qv14-m93d-jyd9

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-rqrw-t2kj-mud8

vulnerability	VCID-rzx5-nv6h-qqhg

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-tzpj-j3x1-ekgk

vulnerability	VCID-uaf3-fyst-u7gm

vulnerability	VCID-uhrk-ad4f-nqgh

vulnerability	VCID-un7r-8sah-33cr

vulnerability	VCID-uncp-sa58-ufdd

vulnerability	VCID-uq77-aax5-k7d8

vulnerability	VCID-uua1-9rt1-dfbz

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-w94g-xxea-23fb

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x3n3-tsjh-8kby

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-xw1s-93bu-wuh9

vulnerability	VCID-y3zj-acc7-jkau

vulnerability	VCID-yf3d-yyzq-guh1

vulnerability	VCID-ygw1-vqxg-z3h3

100

vulnerability	VCID-z2bk-m2kw-h3c9

101

vulnerability	VCID-z718-97ez-r7g3

102

vulnerability	VCID-zbm9-cx69-wqg3

103

vulnerability	VCID-zeut-9wfp-q7et

104

vulnerability	VCID-zhcb-h8ph-7uhk

105

vulnerability	VCID-zkvq-bms4-gfcv

106

vulnerability	VCID-zybp-mb3d-jyee

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0

aliases GMS-2019-154

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg7w-xkyg-abgj

url VCID-cv9x-ea8e-pufu

vulnerability_id VCID-cv9x-ea8e-pufu

summary

Cross-site Scripting
Cross-Site Scripting in Link Handling.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-015/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-015/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.27

purl pkg:composer/typo3/cms-core@8.7.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27

url pkg:composer/typo3/cms-core@9.5.8

purl pkg:composer/typo3/cms-core@9.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8

aliases GMS-2019-166

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cv9x-ea8e-pufu

url VCID-daz8-j1ns-rkgt

vulnerability_id VCID-daz8-j1ns-rkgt

summary Information Disclosure in Install Tool.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-010/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-010/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.21

purl pkg:composer/typo3/cms-core@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-wm4a-hcvt-vkbk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21

url pkg:composer/typo3/cms-core@9.5.2

purl pkg:composer/typo3/cms-core@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2

aliases GMS-2018-89

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-daz8-j1ns-rkgt

url VCID-e8ze-umec-a7hx

vulnerability_id VCID-e8ze-umec-a7hx

summary Information Disclosure in Backend User Interface.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-014/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-014/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.27

purl pkg:composer/typo3/cms-core@8.7.27

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27

url pkg:composer/typo3/cms-core@9.5.8

purl pkg:composer/typo3/cms-core@9.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8

aliases GMS-2019-165

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e8ze-umec-a7hx

url VCID-e9jc-8mpp-fkgh

vulnerability_id VCID-e9jc-8mpp-fkgh

summary Security Misconfiguration in Install Tool Cookie.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-009/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-009/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.21

purl pkg:composer/typo3/cms-core@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-wm4a-hcvt-vkbk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21

url pkg:composer/typo3/cms-core@9.5.2

purl pkg:composer/typo3/cms-core@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2

aliases GMS-2018-88

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9jc-8mpp-fkgh

url VCID-ev4k-5k1d-2bhu

vulnerability_id VCID-ev4k-5k1d-2bhu

summary

URL Redirection to Untrusted Site (Open Redirect)
Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21338

reference_id

reference_type

scores

value	0.00253
scoring_system	epss
scoring_elements	0.48774
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21338

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp

reference_url

https://packagist.org/packages/typo3/cms-core

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-core

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2021-001

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2021-001

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21338

reference_id

CVE-2021-21338

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21338

fixed_packages

url pkg:composer/typo3/cms-core@8.7.40

purl pkg:composer/typo3/cms-core@8.7.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-uq77-aax5-k7d8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40

url	pkg:composer/typo3/cms-core@9.5.25
purl	pkg:composer/typo3/cms-core@9.5.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25

url	pkg:composer/typo3/cms-core@10.4.14
purl	pkg:composer/typo3/cms-core@10.4.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14

url	pkg:composer/typo3/cms-core@11.1.1
purl	pkg:composer/typo3/cms-core@11.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1

aliases CVE-2021-21338, GHSA-4jhw-2p6j-5wmp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ev4k-5k1d-2bhu

url VCID-fqkx-v8t5-q3h6

vulnerability_id VCID-fqkx-v8t5-q3h6

summary

Cleartext Storage of Sensitive Information
User session identifiers are stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - for example SQL injection in any other component of the system.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21339

reference_id

reference_type

scores

value	0.00132
scoring_system	epss
scoring_elements	0.32224
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21339

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch

reference_url

https://packagist.org/packages/typo3/cms-core

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-core

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2021-006

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2021-006

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21339

reference_id

CVE-2021-21339

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21339

fixed_packages

url pkg:composer/typo3/cms-core@8.7.40

purl pkg:composer/typo3/cms-core@8.7.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-uq77-aax5-k7d8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40

url	pkg:composer/typo3/cms-core@9.5.25
purl	pkg:composer/typo3/cms-core@9.5.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25

url	pkg:composer/typo3/cms-core@10.4.14
purl	pkg:composer/typo3/cms-core@10.4.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14

url	pkg:composer/typo3/cms-core@11.1.1
purl	pkg:composer/typo3/cms-core@11.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1

aliases CVE-2021-21339, GHSA-qx3w-4864-94ch

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkx-v8t5-q3h6

url VCID-hfcx-1kuh-p3ez

vulnerability_id VCID-hfcx-1kuh-p3ez

summary Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-002/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-002/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.17

purl pkg:composer/typo3/cms-core@8.7.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-b92x-56ng-3ygy

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-daz8-j1ns-rkgt

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-e9jc-8mpp-fkgh

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-nyw8-q5ef-2fcv

vulnerability	VCID-pwh8-c992-vqav

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-uaf3-fyst-u7gm

vulnerability	VCID-uncp-sa58-ufdd

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-z2bk-m2kw-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17

url pkg:composer/typo3/cms-core@9.3.2

purl pkg:composer/typo3/cms-core@9.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-daz8-j1ns-rkgt

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-e9jc-8mpp-fkgh

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-nyw8-q5ef-2fcv

vulnerability	VCID-pwh8-c992-vqav

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-uaf3-fyst-u7gm

vulnerability	VCID-uncp-sa58-ufdd

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-z2bk-m2kw-h3c9

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2

aliases GMS-2018-82

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hfcx-1kuh-p3ez

url VCID-hnyk-614g-yuhy

vulnerability_id VCID-hnyk-614g-yuhy

summary Security Misconfiguration in User Session Handling.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-011/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-011/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.25

purl pkg:composer/typo3/cms-core@8.7.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-cbmm-1b2k-8qaz

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.25

url pkg:composer/typo3/cms-core@9.5.6

purl pkg:composer/typo3/cms-core@9.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cbmm-1b2k-8qaz

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.6

aliases GMS-2019-161

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hnyk-614g-yuhy

url VCID-jp1p-rfxa-hyd9

vulnerability_id VCID-jp1p-rfxa-hyd9

summary

Cross-site Scripting
Content elements of type `_menu_` are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-21370

reference_id

reference_type

scores

value	0.00342
scoring_system	epss
scoring_elements	0.57112
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-21370

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml

reference_url

https://packagist.org/packages/typo3/cms-backend

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-backend

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2021-008

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2021-008

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-21370

reference_id

CVE-2021-21370

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-21370

reference_url	https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
reference_id	GHSA-x7hc-x7fm-f7qh
reference_type
scores
url	https://github.com/advisories/GHSA-x7hc-x7fm-f7qh

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh

reference_id

GHSA-x7hc-x7fm-f7qh

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh

fixed_packages

url pkg:composer/typo3/cms-core@8.7.40

purl pkg:composer/typo3/cms-core@8.7.40

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-j8hk-bqnb-gycp

vulnerability	VCID-sdjb-gp4t-vbgt

vulnerability	VCID-uq77-aax5-k7d8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40

url	pkg:composer/typo3/cms-core@9.5.25
purl	pkg:composer/typo3/cms-core@9.5.25
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25

url	pkg:composer/typo3/cms-core@10.4.14
purl	pkg:composer/typo3/cms-core@10.4.14
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14

url	pkg:composer/typo3/cms-core@11.1.1
purl	pkg:composer/typo3/cms-core@11.1.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1

aliases CVE-2021-21370, GHSA-x7hc-x7fm-f7qh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jp1p-rfxa-hyd9

url VCID-k8r2-2ak8-qkak

vulnerability_id VCID-k8r2-2ak8-qkak

summary

Cross-site Scripting
Cross-Site Scripting in Form Framework.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-007/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-007/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.23

purl pkg:composer/typo3/cms-core@8.7.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23

url pkg:composer/typo3/cms-core@9.5.4

purl pkg:composer/typo3/cms-core@9.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4

aliases GMS-2019-157

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8r2-2ak8-qkak

url VCID-n56h-zuzr-ruhf

vulnerability_id VCID-n56h-zuzr-ruhf

summary

Cross-site Scripting
Cross-Site Scripting in Fluid `ViewHelpers`.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-005/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-005/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.23

purl pkg:composer/typo3/cms-core@8.7.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23

url pkg:composer/typo3/cms-core@9.5.4

purl pkg:composer/typo3/cms-core@9.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4

aliases GMS-2019-155

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n56h-zuzr-ruhf

url VCID-nyw8-q5ef-2fcv

vulnerability_id VCID-nyw8-q5ef-2fcv

summary

Uncontrolled Resource Consumption
Denial of Service in Online Media Asset Handling.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-011/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-011/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.21

purl pkg:composer/typo3/cms-core@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-wm4a-hcvt-vkbk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21

url pkg:composer/typo3/cms-core@9.5.2

purl pkg:composer/typo3/cms-core@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2

aliases GMS-2018-90

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nyw8-q5ef-2fcv

url VCID-pwh8-c992-vqav

vulnerability_id VCID-pwh8-c992-vqav

summary

Cross-site Scripting
Cross-Site Scripting in CKEditor.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-005/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-005/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.21

purl pkg:composer/typo3/cms-core@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-wm4a-hcvt-vkbk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21

url pkg:composer/typo3/cms-core@9.5.2

purl pkg:composer/typo3/cms-core@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2

aliases GMS-2018-92

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwh8-c992-vqav

url VCID-qr1u-kcn9-cuf6

vulnerability_id VCID-qr1u-kcn9-cuf6

summary

Cross-site Scripting
Cross-Site Scripting in Fluid Engine.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-013/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-013/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.25

purl pkg:composer/typo3/cms-core@8.7.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-cbmm-1b2k-8qaz

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.25

url pkg:composer/typo3/cms-core@9.5.6

purl pkg:composer/typo3/cms-core@9.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cbmm-1b2k-8qaz

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.6

aliases GMS-2019-160

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qr1u-kcn9-cuf6

url VCID-qxab-9uwr-yqhv

vulnerability_id VCID-qxab-9uwr-yqhv

summary

Cross-site Scripting
CKEditor allows user-assisted XSS involving a source-mode paste.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-17960

reference_id

reference_type

scores

value	0.02024
scoring_system	epss
scoring_elements	0.84092
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-17960

reference_url

https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released

reference_url	https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/
reference_id
reference_type
scores
url	https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/

reference_url

https://ckeditor.com/cke4/release/CKEditor-4.11.0

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://ckeditor.com/cke4/release/CKEditor-4.11.0

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2018-005

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2018-005

reference_url

https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205

reference_url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217
reference_id	1015217
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-17960

reference_id

CVE-2018-17960

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-17960

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml

reference_id

CVE-2018-17960.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml

reference_id

CVE-2018-17960.YAML

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml

reference_url

https://github.com/advisories/GHSA-g68x-vvqq-pvw3

reference_id

GHSA-g68x-vvqq-pvw3

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-g68x-vvqq-pvw3

fixed_packages

url pkg:composer/typo3/cms-core@8.7.21

purl pkg:composer/typo3/cms-core@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-wm4a-hcvt-vkbk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21

url pkg:composer/typo3/cms-core@9.5.2

purl pkg:composer/typo3/cms-core@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2

aliases CVE-2018-17960, GHSA-g68x-vvqq-pvw3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxab-9uwr-yqhv

url VCID-tgyt-axv1-c7ag

vulnerability_id VCID-tgyt-axv1-c7ag

summary

Cross-site Scripting
TYPO3 is an open source PHP based web content management system. In TYPO3 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 that fix the problem described.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-26227

reference_id

reference_type

scores

value	0.00359
scoring_system	epss
scoring_elements	0.5838
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-26227

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml

reference_url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml

reference_url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf

reference_url

https://packagist.org/packages/typo3/cms-core

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://packagist.org/packages/typo3/cms-core

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2020-010

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-core-sa-2020-010

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-26227

reference_id

CVE-2020-26227

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-26227

fixed_packages

url	pkg:composer/typo3/cms-core@8.7.38
purl	pkg:composer/typo3/cms-core@8.7.38
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.38

url pkg:composer/typo3/cms-core@9.5.23

purl pkg:composer/typo3/cms-core@9.5.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.23

url pkg:composer/typo3/cms-core@10.4.10

purl pkg:composer/typo3/cms-core@10.4.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6urp-p9mn-cffv

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-c46m-ht19-ybc4

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-jp1p-rfxa-hyd9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.10

aliases CVE-2020-26227, GHSA-vqqx-jw6p-q3rf

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tgyt-axv1-c7ag

url VCID-uaf3-fyst-u7gm

vulnerability_id VCID-uaf3-fyst-u7gm

summary

Cross-site Scripting
Cross-Site Scripting in Backend Modal Component.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-007/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-007/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.21

purl pkg:composer/typo3/cms-core@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-wm4a-hcvt-vkbk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21

url pkg:composer/typo3/cms-core@9.5.2

purl pkg:composer/typo3/cms-core@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2

aliases GMS-2018-86

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uaf3-fyst-u7gm

url VCID-uncp-sa58-ufdd

vulnerability_id VCID-uncp-sa58-ufdd

summary

Cross-site Scripting
Cross-Site Scripting in Online Media Asset Rendering.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-006/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-006/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.21

purl pkg:composer/typo3/cms-core@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-wm4a-hcvt-vkbk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21

url pkg:composer/typo3/cms-core@9.5.2

purl pkg:composer/typo3/cms-core@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2

aliases GMS-2018-85

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uncp-sa58-ufdd

url VCID-wm4a-hcvt-vkbk

vulnerability_id VCID-wm4a-hcvt-vkbk

summary Information Disclosure of Installed Extensions.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2019-001/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2019-001/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.23

purl pkg:composer/typo3/cms-core@8.7.23

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23

url pkg:composer/typo3/cms-core@9.5.4

purl pkg:composer/typo3/cms-core@9.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4

aliases GMS-2019-152

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wm4a-hcvt-vkbk

url VCID-z2bk-m2kw-h3c9

vulnerability_id VCID-z2bk-m2kw-h3c9

summary

Cross-site Scripting
Cross-Site Scripting in Frontend User Login.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-008/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-008/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.21

purl pkg:composer/typo3/cms-core@8.7.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-wm4a-hcvt-vkbk

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21

url pkg:composer/typo3/cms-core@9.5.2

purl pkg:composer/typo3/cms-core@9.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2

aliases GMS-2018-87

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z2bk-m2kw-h3c9

url VCID-zbm9-cx69-wqg3

vulnerability_id VCID-zbm9-cx69-wqg3

summary Insecure Deserialization in TYPO3 CMS.

references

reference_url	https://typo3.org/security/advisory/typo3-core-sa-2018-004/
reference_id
reference_type
scores
url	https://typo3.org/security/advisory/typo3-core-sa-2018-004/

fixed_packages

url pkg:composer/typo3/cms-core@8.7.17

purl pkg:composer/typo3/cms-core@8.7.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-b92x-56ng-3ygy

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-daz8-j1ns-rkgt

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-e9jc-8mpp-fkgh

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-nyw8-q5ef-2fcv

vulnerability	VCID-pwh8-c992-vqav

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-uaf3-fyst-u7gm

vulnerability	VCID-uncp-sa58-ufdd

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-z2bk-m2kw-h3c9

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17

url pkg:composer/typo3/cms-core@9.3.2

purl pkg:composer/typo3/cms-core@9.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-1sfk-z8py-ykb8

vulnerability	VCID-23ss-xwrm-1qcu

vulnerability	VCID-4an7-9ph4-mkd4

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6mnf-2fcw-dqgp

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-8w4e-d49b-nbg8

vulnerability	VCID-bbh5-rss8-bfct

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-daz8-j1ns-rkgt

vulnerability	VCID-e6zr-4bgg-kkh5

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-e9jc-8mpp-fkgh

vulnerability	VCID-efrn-3w2z-xyaf

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n1gz-y615-cbbk

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-nyw8-q5ef-2fcv

vulnerability	VCID-pwh8-c992-vqav

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-uaf3-fyst-u7gm

vulnerability	VCID-uncp-sa58-ufdd

vulnerability	VCID-v7b1-x8hy-2kcg

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-x5jb-yj3d-qbdf

vulnerability	VCID-z2bk-m2kw-h3c9

vulnerability	VCID-zeut-9wfp-q7et

vulnerability	VCID-zhcb-h8ph-7uhk

vulnerability	VCID-zkvq-bms4-gfcv

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2

aliases GMS-2018-84

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zbm9-cx69-wqg3

Fixing_vulnerabilities

url VCID-nqqc-nkwq-rqhx

vulnerability_id VCID-nqqc-nkwq-rqhx

summary

Cross-site Scripting
`svg.swf` in TYPO3 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a `contrib/websvg/svg.swf` pathname.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-8091

reference_id

reference_type

scores

value	0.20517
scoring_system	epss
scoring_elements	0.95671
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-8091

reference_url

https://github.com/TYPO3/typo3

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3

reference_url

https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst

reference_url

https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c

reference_url

https://typo3.org/security/advisory/typo3-psa-2019-003

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://typo3.org/security/advisory/typo3-psa-2019-003

reference_url

https://www.purplemet.com/blog/typo3-xss-vulnerability

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.purplemet.com/blog/typo3-xss-vulnerability

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-8091

reference_id

CVE-2020-8091

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-8091

fixed_packages

url pkg:composer/typo3/cms-core@8.7.7

purl pkg:composer/typo3/cms-core@8.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ffs-9vj5-27hk

vulnerability	VCID-1knh-es99-dubw

vulnerability	VCID-1prg-c74k-37ec

vulnerability	VCID-2m67-xdxz-ryc2

vulnerability	VCID-6ffw-r4k7-5qf8

vulnerability	VCID-6q7t-kdrg-8qc3

vulnerability	VCID-6rgp-dzw1-kycx

vulnerability	VCID-7ch1-q9f4-a7bt

vulnerability	VCID-82ds-xda8-5ye4

vulnerability	VCID-848u-w88s-5bbe

vulnerability	VCID-8sek-v483-8ueu

vulnerability	VCID-b92x-56ng-3ygy

vulnerability	VCID-cf9m-qdyj-eyav

vulnerability	VCID-cg7w-xkyg-abgj

vulnerability	VCID-cv9x-ea8e-pufu

vulnerability	VCID-daz8-j1ns-rkgt

vulnerability	VCID-e8ze-umec-a7hx

vulnerability	VCID-e9jc-8mpp-fkgh

vulnerability	VCID-ev4k-5k1d-2bhu

vulnerability	VCID-fqkx-v8t5-q3h6

vulnerability	VCID-hfcx-1kuh-p3ez

vulnerability	VCID-hnyk-614g-yuhy

vulnerability	VCID-jp1p-rfxa-hyd9

vulnerability	VCID-k8r2-2ak8-qkak

vulnerability	VCID-n56h-zuzr-ruhf

vulnerability	VCID-nyw8-q5ef-2fcv

vulnerability	VCID-pwh8-c992-vqav

vulnerability	VCID-qr1u-kcn9-cuf6

vulnerability	VCID-qxab-9uwr-yqhv

vulnerability	VCID-tgyt-axv1-c7ag

vulnerability	VCID-uaf3-fyst-u7gm

vulnerability	VCID-uncp-sa58-ufdd

vulnerability	VCID-wm4a-hcvt-vkbk

vulnerability	VCID-z2bk-m2kw-h3c9

vulnerability	VCID-zbm9-cx69-wqg3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.7

aliases CVE-2020-8091, GHSA-qvhv-pwww-53jj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqqc-nkwq-rqhx

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.7

Package Instance