Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/typo3/cms-core@7.1.0
purl pkg:composer/typo3/cms-core@7.1.0
Tags Ghost
Next non-vulnerable version 12.4.41
Latest non-vulnerable version 14.0.2
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-5z59-dn7p-xbc5
Aliases:
GHSA-g4c9-qfvw-fmr4
TYPO3 Cross-Site Scripting in Backend Modal Component Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.
7.6.32
Affected by 0 other vulnerabilities.
8.7.21
Affected by 59 other vulnerabilities.
9.5.2
Affected by 88 other vulnerabilities.
VCID-ampc-h88c-afh2
Aliases:
CVE-2016-5091
GHSA-jxg5-35fj-ccwf
Information Exposure Extbase in TYPO3 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
7.6.9
Affected by 0 other vulnerabilities.
8.1.2
Affected by 0 other vulnerabilities.
VCID-re9h-ze98-rbhu
Aliases:
CVE-2020-8091
GHSA-qvhv-pwww-53jj
Typo3 Cross-Site Scripting in Flash component (ELTS) TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
8.7.7
Affected by 84 other vulnerabilities.
VCID-rwqs-3ktq-qqbd
Aliases:
GHSA-8c25-vj2w-p72j
TYPO3 Cross-Site Scripting in Frontend User Login Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template patterns that are affected are - ###FEUSER_[fieldName]### using system extension felogin - <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken)
7.6.32
Affected by 0 other vulnerabilities.
8.7.21
Affected by 59 other vulnerabilities.
9.5.2
Affected by 88 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-02T12:39:25.330603+00:00 GitLab Importer Affected by VCID-5z59-dn7p-xbc5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-g4c9-qfvw-fmr4.yml 38.0.0
2026-04-02T12:39:24.741558+00:00 GitLab Importer Affected by VCID-rwqs-3ktq-qqbd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-8c25-vj2w-p72j.yml 38.0.0
2026-04-02T12:36:20.781564+00:00 GitLab Importer Affected by VCID-re9h-ze98-rbhu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-8091.yml 38.0.0
2026-04-01T16:05:35.578090+00:00 GHSA Importer Affected by VCID-rwqs-3ktq-qqbd https://github.com/advisories/GHSA-8c25-vj2w-p72j 38.0.0
2026-04-01T16:05:35.525756+00:00 GHSA Importer Affected by VCID-5z59-dn7p-xbc5 https://github.com/advisories/GHSA-g4c9-qfvw-fmr4 38.0.0
2026-04-01T12:47:10.375782+00:00 GitLab Importer Affected by VCID-ampc-h88c-afh2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2016-5091.yml 38.0.0