Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/typo3/cms-core@4.0.13
purl pkg:composer/typo3/cms-core@4.0.13
Tags Ghost
Next non-vulnerable version 12.4.41
Latest non-vulnerable version 14.0.2
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-h1jn-6xyy-vfga
Aliases:
CVE-2009-3633
GHSA-m7rg-85g8-28m9
Cross-Site Request Forgery (CSRF) Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.
4.1.13
Affected by 0 other vulnerabilities.
4.2.10
Affected by 0 other vulnerabilities.
4.3.0-beta2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T21:23:20.673270+00:00 GHSA Importer Affected by VCID-h1jn-6xyy-vfga https://github.com/advisories/GHSA-m7rg-85g8-28m9 38.6.0
2026-06-02T04:42:20.934216+00:00 GitLab Importer Affected by VCID-h1jn-6xyy-vfga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2009-3633.yml 38.6.0