Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/54226?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54226?format=api", "vulnerability_id": "VCID-6urp-p9mn-cffv", "summary": "Cross-site Scripting\nDatabase fields used as `_descriptionColumn_` are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability.", "aliases": [ { "alias": "CVE-2021-21340" }, { "alias": "GHSA-fjh3-g8gq-9q92" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/80033?format=api", "purl": "pkg:composer/typo3/cms@10.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/80034?format=api", "purl": "pkg:composer/typo3/cms@11.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/80074?format=api", "purl": "pkg:composer/typo3/cms-backend@10.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-backend@10.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/80075?format=api", "purl": "pkg:composer/typo3/cms-backend@11.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-backend@11.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/80040?format=api", "purl": "pkg:composer/typo3/cms-core@10.4.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/80041?format=api", "purl": "pkg:composer/typo3/cms-core@11.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58452?format=api", "purl": "pkg:composer/typo3/cms@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-2tz2-8qdm-2kcv" }, { "vulnerability": "VCID-39vn-73mc-jqav" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-qdxh-arxx-wbcr" }, { "vulnerability": "VCID-r3az-g422-gqf9" }, { "vulnerability": "VCID-rqrw-t2kj-mud8" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-wat8-4m83-hken" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/58454?format=api", "purl": "pkg:composer/typo3/cms@11.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-c46m-ht19-ybc4" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fsx8-7qjz-2ubw" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/73358?format=api", "purl": "pkg:composer/typo3/cms-backend@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38xy-51gr-4qha" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-jef5-ydxc-87as" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-uc6r-hat7-4fez" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-backend@10.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80072?format=api", "purl": "pkg:composer/typo3/cms-backend@10.4.13", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-backend@10.4.13" }, { "url": "http://public2.vulnerablecode.io/api/packages/73359?format=api", "purl": "pkg:composer/typo3/cms-backend@11.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-38xy-51gr-4qha" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-jef5-ydxc-87as" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-uc6r-hat7-4fez" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-backend@11.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/80073?format=api", "purl": "pkg:composer/typo3/cms-backend@11.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-backend@11.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/58460?format=api", "purl": "pkg:composer/typo3/cms-core@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-2tz2-8qdm-2kcv" }, { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4rfq-u488-sbh5" }, { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-78ff-k66z-bkh7" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-7snt-7hyt-1fbx" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9tpm-8udy-c3cd" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-an3r-c2yp-1bbd" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-etcc-43a3-a7ek" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fgkd-jp96-cbcs" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-gxsd-4nd9-gqgn" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-myhc-dyh9-xygg" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-r3az-g422-gqf9" }, { "vulnerability": "VCID-rzx5-nv6h-qqhg" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-x3n3-tsjh-8kby" }, { "vulnerability": "VCID-y3zj-acc7-jkau" }, { "vulnerability": "VCID-ygw1-vqxg-z3h3" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/58462?format=api", "purl": "pkg:composer/typo3/cms-core@11.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-7snt-7hyt-1fbx" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-9tpm-8udy-c3cd" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-an3r-c2yp-1bbd" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-c46m-ht19-ybc4" }, { "vulnerability": "VCID-etcc-43a3-a7ek" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fgkd-jp96-cbcs" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fsx8-7qjz-2ubw" }, { "vulnerability": "VCID-gxsd-4nd9-gqgn" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-myhc-dyh9-xygg" }, { "vulnerability": "VCID-p3nb-urds-euf3" }, { "vulnerability": "VCID-rzx5-nv6h-qqhg" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-x3n3-tsjh-8kby" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.0.0" } ], "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21340", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00379", "scoring_system": "epss", "scoring_elements": "0.59738", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21340" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21340.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21340.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21340.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21340.yaml" }, { "reference_url": "https://packagist.org/packages/typo3/cms-backend", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://packagist.org/packages/typo3/cms-backend" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2021-007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2021-007" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21340", "reference_id": "CVE-2021-21340", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21340" }, { "reference_url": "https://github.com/advisories/GHSA-fjh3-g8gq-9q92", "reference_id": "GHSA-fjh3-g8gq-9q92", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fjh3-g8gq-9q92" }, { "reference_url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92", "reference_id": "GHSA-fjh3-g8gq-9q92", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-fjh3-g8gq-9q92" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6urp-p9mn-cffv" }