Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/54802?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54802?format=api", "vulnerability_id": "VCID-rzx5-nv6h-qqhg", "summary": "TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController\n### Problem\nFailing to properly encode user-controlled values in file entities, the `ShowImageController` (_eID tx_cms_showpic_) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities.\n\n### Solution\nUpdate to TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 that fix the problem described.\n\n### Credits\nThanks to TYPO3 security team member Torben Hansen who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2024-009](https://typo3.org/security/advisory/typo3-core-sa-2024-009)", "aliases": [ { "alias": "CVE-2024-34357" }, { "alias": "GHSA-hw6c-6gwq-3m3m" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/81272?format=api", "purl": "pkg:composer/typo3/cms-core@11.5.37", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.37" }, { "url": "http://public2.vulnerablecode.io/api/packages/81273?format=api", "purl": "pkg:composer/typo3/cms-core@12.4.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/81274?format=api", "purl": "pkg:composer/typo3/cms-core@13.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.1.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56073?format=api", "purl": "pkg:composer/typo3/cms-core@9.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1knh-es99-dubw" }, { "vulnerability": "VCID-1prg-c74k-37ec" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-23ss-xwrm-1qcu" }, { "vulnerability": "VCID-2m67-xdxz-ryc2" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3ebd-765h-j3g7" }, { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4q6d-bd3h-t7f4" }, { "vulnerability": "VCID-4rfq-u488-sbh5" }, { "vulnerability": "VCID-51k2-j834-pffb" }, { "vulnerability": "VCID-5nq2-nchj-fkc8" }, { "vulnerability": "VCID-5ync-ktk5-23gh" }, { "vulnerability": "VCID-6ffw-r4k7-5qf8" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6q7t-kdrg-8qc3" }, { "vulnerability": "VCID-6rgp-dzw1-kycx" }, { "vulnerability": "VCID-78ff-k66z-bkh7" }, { "vulnerability": "VCID-7ch1-q9f4-a7bt" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-7snt-7hyt-1fbx" }, { "vulnerability": "VCID-8216-asqx-f7eb" }, { "vulnerability": "VCID-82ds-xda8-5ye4" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-87ej-qn3k-t3dy" }, { "vulnerability": "VCID-8sek-v483-8ueu" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9mpc-hjjh-u3d2" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-an3r-c2yp-1bbd" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-cf9m-qdyj-eyav" }, { "vulnerability": "VCID-cgny-nmk3-4fcd" }, { "vulnerability": "VCID-cq82-qt6v-dfhz" }, { "vulnerability": "VCID-cv9x-ea8e-pufu" }, { "vulnerability": "VCID-daz8-j1ns-rkgt" }, { "vulnerability": "VCID-dzrt-8tny-kbcy" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-e8ze-umec-a7hx" }, { "vulnerability": "VCID-e9jc-8mpp-fkgh" }, { "vulnerability": "VCID-efrn-3w2z-xyaf" }, { "vulnerability": "VCID-eq57-btkt-hug8" }, { "vulnerability": "VCID-etcc-43a3-a7ek" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-f9pk-cwyr-a7cv" }, { "vulnerability": "VCID-fgkd-jp96-cbcs" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g3t9-1yx2-6ufd" }, { "vulnerability": "VCID-gemf-j9uj-jka1" }, { "vulnerability": "VCID-gvag-nxmd-s7d1" }, { "vulnerability": "VCID-hfcx-1kuh-p3ez" }, { "vulnerability": "VCID-hnyk-614g-yuhy" }, { "vulnerability": "VCID-hr6r-88m3-9udv" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-k8r2-2ak8-qkak" }, { "vulnerability": "VCID-ke39-846j-kbh3" }, { "vulnerability": "VCID-myhc-dyh9-xygg" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-n56h-zuzr-ruhf" }, { "vulnerability": "VCID-nyw8-q5ef-2fcv" }, { "vulnerability": "VCID-pwh8-c992-vqav" }, { "vulnerability": "VCID-qr1u-kcn9-cuf6" }, { "vulnerability": "VCID-qtyt-338b-ayay" }, { "vulnerability": "VCID-qxab-9uwr-yqhv" }, { "vulnerability": "VCID-rzx5-nv6h-qqhg" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-uaf3-fyst-u7gm" }, { "vulnerability": "VCID-uhrk-ad4f-nqgh" }, { "vulnerability": "VCID-uncp-sa58-ufdd" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-v7b1-x8hy-2kcg" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-wm4a-hcvt-vkbk" }, { "vulnerability": "VCID-x3n3-tsjh-8kby" }, { "vulnerability": "VCID-x5jb-yj3d-qbdf" }, { "vulnerability": "VCID-y3zj-acc7-jkau" }, { "vulnerability": "VCID-yf3d-yyzq-guh1" }, { "vulnerability": "VCID-ygw1-vqxg-z3h3" }, { "vulnerability": "VCID-z2bk-m2kw-h3c9" }, { "vulnerability": "VCID-z718-97ez-r7g3" }, { "vulnerability": "VCID-zbm9-cx69-wqg3" }, { "vulnerability": "VCID-zeut-9wfp-q7et" }, { "vulnerability": "VCID-zhcb-h8ph-7uhk" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/58460?format=api", "purl": "pkg:composer/typo3/cms-core@10.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-1sfk-z8py-ykb8" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-2tz2-8qdm-2kcv" }, { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-4an7-9ph4-mkd4" }, { "vulnerability": "VCID-4rfq-u488-sbh5" }, { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-78ff-k66z-bkh7" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-7snt-7hyt-1fbx" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-8w4e-d49b-nbg8" }, { "vulnerability": "VCID-9tpm-8udy-c3cd" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-an3r-c2yp-1bbd" }, { "vulnerability": "VCID-bbh5-rss8-bfct" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-e6zr-4bgg-kkh5" }, { "vulnerability": "VCID-etcc-43a3-a7ek" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fgkd-jp96-cbcs" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-gxsd-4nd9-gqgn" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-myhc-dyh9-xygg" }, { "vulnerability": "VCID-n1gz-y615-cbbk" }, { "vulnerability": "VCID-r3az-g422-gqf9" }, { "vulnerability": "VCID-rzx5-nv6h-qqhg" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-x3n3-tsjh-8kby" }, { "vulnerability": "VCID-y3zj-acc7-jkau" }, { "vulnerability": "VCID-ygw1-vqxg-z3h3" }, { "vulnerability": "VCID-zkvq-bms4-gfcv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/58462?format=api", "purl": "pkg:composer/typo3/cms-core@11.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ffs-9vj5-27hk" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-6mnf-2fcw-dqgp" }, { "vulnerability": "VCID-6urp-p9mn-cffv" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-7snt-7hyt-1fbx" }, { "vulnerability": "VCID-848u-w88s-5bbe" }, { "vulnerability": "VCID-9tpm-8udy-c3cd" }, { "vulnerability": "VCID-a1g9-pyz5-9fca" }, { "vulnerability": "VCID-an3r-c2yp-1bbd" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-c46m-ht19-ybc4" }, { "vulnerability": "VCID-etcc-43a3-a7ek" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fgkd-jp96-cbcs" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-fsx8-7qjz-2ubw" }, { "vulnerability": "VCID-gxsd-4nd9-gqgn" }, { "vulnerability": "VCID-j8hk-bqnb-gycp" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-myhc-dyh9-xygg" }, { "vulnerability": "VCID-p3nb-urds-euf3" }, { "vulnerability": "VCID-rzx5-nv6h-qqhg" }, { "vulnerability": "VCID-sdjb-gp4t-vbgt" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-x3n3-tsjh-8kby" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63852?format=api", "purl": "pkg:composer/typo3/cms-core@12.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-5e9k-tfy9-ufcx" }, { "vulnerability": "VCID-6a22-c7x5-sqe2" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-7snt-7hyt-1fbx" }, { "vulnerability": "VCID-9tpm-8udy-c3cd" }, { "vulnerability": "VCID-an3r-c2yp-1bbd" }, { "vulnerability": "VCID-bzqv-s7g3-wff9" }, { "vulnerability": "VCID-etcc-43a3-a7ek" }, { "vulnerability": "VCID-fgkd-jp96-cbcs" }, { "vulnerability": "VCID-gxsd-4nd9-gqgn" }, { "vulnerability": "VCID-myhc-dyh9-xygg" }, { "vulnerability": "VCID-p3nb-urds-euf3" }, { "vulnerability": "VCID-rzx5-nv6h-qqhg" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-x3n3-tsjh-8kby" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/68933?format=api", "purl": "pkg:composer/typo3/cms-core@13.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3hta-35zx-zuc4" }, { "vulnerability": "VCID-5e9k-tfy9-ufcx" }, { "vulnerability": "VCID-7r4g-gxc6-hubh" }, { "vulnerability": "VCID-7snt-7hyt-1fbx" }, { "vulnerability": "VCID-9tpm-8udy-c3cd" }, { "vulnerability": "VCID-an3r-c2yp-1bbd" }, { "vulnerability": "VCID-c91z-btmf-87dz" }, { "vulnerability": "VCID-etcc-43a3-a7ek" }, { "vulnerability": "VCID-fgkd-jp96-cbcs" }, { "vulnerability": "VCID-myhc-dyh9-xygg" }, { "vulnerability": "VCID-p3nb-urds-euf3" }, { "vulnerability": "VCID-rzx5-nv6h-qqhg" }, { "vulnerability": "VCID-uua1-9rt1-dfbz" }, { "vulnerability": "VCID-uw3m-2f4s-s3fj" }, { "vulnerability": "VCID-w94g-xxea-23fb" }, { "vulnerability": "VCID-x3n3-tsjh-8kby" }, { "vulnerability": "VCID-y3zj-acc7-jkau" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.0" } ], "references": [ { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2024-009", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-009" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34357", "reference_id": "CVE-2024-34357", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34357" }, { "reference_url": "https://github.com/advisories/GHSA-hw6c-6gwq-3m3m", "reference_id": "GHSA-hw6c-6gwq-3m3m", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hw6c-6gwq-3m3m" }, { "reference_url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m", "reference_id": "GHSA-hw6c-6gwq-3m3m", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m" } ], "weaknesses": [ { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rzx5-nv6h-qqhg" }