Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/55097?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/55097?format=api", "vulnerability_id": "VCID-w65h-8a9d-ckgj", "summary": "TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors\nIt has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability.\n\nAs second and separate vulnerability in the filelist module of the backend user interface has been referenced with this advisory as well. Error messages being shown after using a malicious name for renaming a file are not propery encoded, thus vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability.", "aliases": [ { "alias": "GHSA-wp8j-c736-c5r3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52313?format=api", "purl": "pkg:composer/typo3/cms@6.2.14", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/62760?format=api", "purl": "pkg:composer/typo3/cms@7.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fdnw-2tz5-4fdr" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/51877?format=api", "purl": "pkg:composer/typo3/cms@6.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1efr-h9gq-r7h1" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-1usv-hs5c-akb2" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2r7u-mc45-8yhe" }, { "vulnerability": "VCID-39jx-muqb-nkfq" }, { "vulnerability": "VCID-3ump-aca5-g7b6" }, { "vulnerability": "VCID-4fse-74hb-x3c9" }, { "vulnerability": "VCID-4wnp-gusy-43b8" }, { "vulnerability": "VCID-5dxs-cdht-27hw" }, { "vulnerability": "VCID-5hm4-ms5p-uuae" }, { "vulnerability": "VCID-5ppx-p8eq-mbgk" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-6su8-bbrw-hbhp" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-727q-h3ey-6yc9" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-83y4-7q4j-h7f8" }, { "vulnerability": "VCID-88un-etsg-2qas" }, { "vulnerability": "VCID-8a22-muhx-13ek" }, { "vulnerability": "VCID-8jcy-3kje-fqeh" }, { "vulnerability": "VCID-8p64-6zpt-t3av" }, { "vulnerability": "VCID-8vum-snng-jfcv" }, { "vulnerability": "VCID-95wn-6r9b-q7et" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-a1kt-str6-rqec" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-bstt-ybrs-5ua3" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dd9u-w2y2-87h9" }, { "vulnerability": "VCID-dw8z-wtph-skey" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ebku-sk43-m7bf" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ekvp-u4kk-kqdd" }, { "vulnerability": "VCID-eutz-mj58-audb" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-exjy-5cyn-zfg1" }, { "vulnerability": "VCID-fgn1-hswd-ekdf" }, { "vulnerability": "VCID-fgqa-5fx9-nkaz" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-g7mm-vjbw-bbhd" }, { "vulnerability": "VCID-g9ns-sxkx-aqh1" }, { "vulnerability": "VCID-gbdn-7ce2-zuf7" }, { "vulnerability": "VCID-h217-xe8x-nua3" }, { "vulnerability": "VCID-h7hf-sf2q-73ay" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-huxd-2e6q-abak" }, { "vulnerability": "VCID-hzma-cduk-3uhp" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jbkw-4x2d-fqcp" }, { "vulnerability": "VCID-jenc-czvj-g3gw" }, { "vulnerability": "VCID-jeqr-9tfu-f7b2" }, { "vulnerability": "VCID-jf28-91be-6kbr" }, { "vulnerability": "VCID-jmea-qzsr-wkf4" }, { "vulnerability": "VCID-jn38-wfec-7bb2" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-kj76-rsr8-yqb3" }, { "vulnerability": "VCID-kp2p-nbmg-ufen" }, { "vulnerability": "VCID-kqu8-8c1n-73hr" }, { "vulnerability": "VCID-ks1q-a8x2-uqht" }, { "vulnerability": "VCID-m3nc-xbb4-yubr" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-n326-yy8y-xuap" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-nvbp-pbjw-3qgx" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rm7r-1pqj-3fbs" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-s4re-vww7-sugb" }, { "vulnerability": "VCID-s97a-nmk8-y3ay" }, { "vulnerability": "VCID-sdz8-hju8-4bcb" }, { "vulnerability": "VCID-sn8n-mawq-3uht" }, { "vulnerability": "VCID-tgyt-axv1-c7ag" }, { "vulnerability": "VCID-u37d-tqqe-n7d4" }, { "vulnerability": "VCID-u4tq-8qnk-5fd7" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-v2qy-dbf2-bffn" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w58p-3wg1-7ycr" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wk4s-4bcd-2yb5" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-x175-xjek-97ds" }, { "vulnerability": "VCID-xpxg-qq49-b7fd" }, { "vulnerability": "VCID-xt7m-u9eb-fyd9" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-y1ap-y4az-x7ec" }, { "vulnerability": "VCID-yn6z-9v7k-x7br" }, { "vulnerability": "VCID-yphc-ujay-7fcs" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-zhvz-jzf3-2uac" }, { "vulnerability": "VCID-zpxz-291y-x3c7" }, { "vulnerability": "VCID-zqe5-53je-mfaw" }, { "vulnerability": "VCID-zru2-9g25-77dc" }, { "vulnerability": "VCID-zrz3-3dnf-tbay" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/52097?format=api", "purl": "pkg:composer/typo3/cms@7.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1ef6-uy9t-mqcu" }, { "vulnerability": "VCID-1u4r-r97q-3yfk" }, { "vulnerability": "VCID-28fn-ncj5-2ufk" }, { "vulnerability": "VCID-2f2m-tcjn-fyby" }, { "vulnerability": "VCID-2rhr-8vaz-hqfj" }, { "vulnerability": "VCID-2rmv-a83x-9ka8" }, { "vulnerability": "VCID-3ugj-6m1e-e3hr" }, { "vulnerability": "VCID-5ru2-1n1f-afa4" }, { "vulnerability": "VCID-66kh-c1dm-8fbf" }, { "vulnerability": "VCID-6u6t-uy5y-5fd6" }, { "vulnerability": "VCID-7n9x-c9gs-9yb3" }, { "vulnerability": "VCID-953t-q1cr-zyd6" }, { "vulnerability": "VCID-9899-uxyb-73gg" }, { "vulnerability": "VCID-abjx-8v46-d7d8" }, { "vulnerability": "VCID-ansr-8m5j-pya6" }, { "vulnerability": "VCID-c57c-akce-xufq" }, { "vulnerability": "VCID-cgqm-1wwf-kbg6" }, { "vulnerability": "VCID-dsqm-9q3e-dudw" }, { "vulnerability": "VCID-dwjk-7sqh-hqa8" }, { "vulnerability": "VCID-dyhd-5p1e-fya6" }, { "vulnerability": "VCID-e1gr-txgg-fqa6" }, { "vulnerability": "VCID-e1ms-4r4s-g7e7" }, { "vulnerability": "VCID-e2bk-pfbe-puek" }, { "vulnerability": "VCID-e82x-2cdb-7fgn" }, { "vulnerability": "VCID-ec17-eauu-67d3" }, { "vulnerability": "VCID-ev4k-5k1d-2bhu" }, { "vulnerability": "VCID-fdnw-2tz5-4fdr" }, { "vulnerability": "VCID-fqkx-v8t5-q3h6" }, { "vulnerability": "VCID-gpv4-4tpd-tbaa" }, { "vulnerability": "VCID-hm4k-wbq3-r7ej" }, { "vulnerability": "VCID-hp99-ncuh-6ugv" }, { "vulnerability": "VCID-hsw8-nbs6-auaa" }, { "vulnerability": "VCID-hyx9-8ae6-sba8" }, { "vulnerability": "VCID-j6x1-dfre-2bdq" }, { "vulnerability": "VCID-jp1p-rfxa-hyd9" }, { "vulnerability": "VCID-jq5y-7h9g-mufa" }, { "vulnerability": "VCID-jwb1-3sbg-kfa5" }, { "vulnerability": "VCID-jx9x-wxwq-5khx" }, { "vulnerability": "VCID-n18b-qe5x-z7cj" }, { "vulnerability": "VCID-nhjv-nke2-2kf8" }, { "vulnerability": "VCID-njsj-bwjq-fyap" }, { "vulnerability": "VCID-nqqc-nkwq-rqhx" }, { "vulnerability": "VCID-p576-w7dd-p3h7" }, { "vulnerability": "VCID-p7gd-anw2-1qbz" }, { "vulnerability": "VCID-q5f3-nhjn-hyb4" }, { "vulnerability": "VCID-qcnh-z4zh-myaw" }, { "vulnerability": "VCID-qek9-g3h8-nfdz" }, { "vulnerability": "VCID-r6hu-hvdh-abb1" }, { "vulnerability": "VCID-rae3-cugy-hbh5" }, { "vulnerability": "VCID-rs13-zf7b-mka7" }, { "vulnerability": "VCID-teby-zvvw-zkhv" }, { "vulnerability": "VCID-tzpj-j3x1-ekgk" }, { "vulnerability": "VCID-u6h1-ccgw-jqds" }, { "vulnerability": "VCID-ub3e-hrb1-wqac" }, { "vulnerability": "VCID-uq77-aax5-k7d8" }, { "vulnerability": "VCID-vq15-t92r-5bhx" }, { "vulnerability": "VCID-w65h-8a9d-ckgj" }, { "vulnerability": "VCID-wms8-dnuz-b3hc" }, { "vulnerability": "VCID-xvyu-2hb8-8ufh" }, { "vulnerability": "VCID-xw1s-93bu-wuh9" }, { "vulnerability": "VCID-ys6f-g39p-fkfc" }, { "vulnerability": "VCID-yz6t-ge1y-qfgr" }, { "vulnerability": "VCID-zru2-9g25-77dc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.0" } ], "references": [ { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml" }, { "reference_url": "https://github.com/TYPO3/typo3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8" }, { "reference_url": "https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299" }, { "reference_url": "https://typo3.org/security/advisory/typo3-core-sa-2015-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/security/advisory/typo3-core-sa-2015-004" }, { "reference_url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004" }, { "reference_url": "https://github.com/advisories/GHSA-wp8j-c736-c5r3", "reference_id": "GHSA-wp8j-c736-c5r3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-wp8j-c736-c5r3" } ], "weaknesses": [ { "cwe_id": 79, "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "description": "The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w65h-8a9d-ckgj" }