Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/typo3/cms-core@6.1.0
purl pkg:composer/typo3/cms-core@6.1.0
Tags Ghost
Next non-vulnerable version 12.4.41
Latest non-vulnerable version 14.0.2
Risk 3.1
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-75re-n41m-y3et
Aliases:
CVE-2013-7081
GHSA-r674-mc9p-hvw5
TYPO3 Improper Access Control vulnerability The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.
6.1.6
Affected by 0 other vulnerabilities.
VCID-8ahj-xadv-xbhr
Aliases:
CVE-2013-7078
GHSA-qj69-chjp-g4f5
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework Cross-site scripting (XSS) vulnerability in the errorAction method in the ActionController base class in the Extbase Framework in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6, when the Rewritten Property Mapper is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. NOTE: this might be the same vulnerability as CVE-2013-7072.
6.1.6
Affected by 0 other vulnerabilities.
VCID-aeeg-apyz-huda
Aliases:
CVE-2013-4320
GHSA-p9jg-9w87-6rg4
TYPO3 Improper Access Management in the File Abstraction Layer The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.
6.1.4
Affected by 0 other vulnerabilities.
VCID-bbrf-qfw6-w3fx
Aliases:
CVE-2013-7077
GHSA-5cmc-r23m-hvrr
TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module Cross-site scripting (XSS) vulnerability in the Backend User Administration Module in TYPO3 6.0.x before 6.0.12 and 6.1.x before 6.1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6.1.7
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-04T14:31:45.038352+00:00 GHSA Importer Affected by VCID-75re-n41m-y3et https://github.com/advisories/GHSA-r674-mc9p-hvw5 38.1.0
2026-04-04T14:31:42.506843+00:00 GHSA Importer Affected by VCID-aeeg-apyz-huda https://github.com/advisories/GHSA-p9jg-9w87-6rg4 38.1.0
2026-04-04T14:31:11.881787+00:00 GHSA Importer Affected by VCID-8ahj-xadv-xbhr https://github.com/advisories/GHSA-qj69-chjp-g4f5 38.1.0
2026-04-04T14:31:11.817749+00:00 GHSA Importer Affected by VCID-bbrf-qfw6-w3fx https://github.com/advisories/GHSA-5cmc-r23m-hvrr 38.1.0
2026-04-03T21:25:54.532822+00:00 GitLab Importer Affected by VCID-8ahj-xadv-xbhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2013-7078.yml 38.1.0
2026-04-03T21:25:52.541989+00:00 GitLab Importer Affected by VCID-bbrf-qfw6-w3fx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2013-7077.yml 38.1.0
2026-04-03T21:25:50.742642+00:00 GitLab Importer Affected by VCID-aeeg-apyz-huda https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2013-4320.yml 38.1.0
2026-04-03T21:25:49.287535+00:00 GitLab Importer Affected by VCID-75re-n41m-y3et https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2013-7081.yml 38.1.0