Search for packages
| purl | pkg:composer/typo3/cms-core@7.6.52 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-y32z-2d3f-gkgw
Aliases: CVE-2021-32768 GHSA-c5c9-8c6m-727v |
Cross-site Scripting TYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 27 other vulnerabilities. Affected by 33 other vulnerabilities. Affected by 35 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T16:57:35.440146+00:00 | GHSA Importer | Fixing | VCID-n15v-ta9h-6ffb | https://github.com/advisories/GHSA-34fr-fhqr-7235 | 38.1.0 |
| 2026-04-01T13:02:14.411806+00:00 | GithubOSV Importer | Fixing | VCID-n15v-ta9h-6ffb | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/07/GHSA-34fr-fhqr-7235/GHSA-34fr-fhqr-7235.json | 38.0.0 |
| 2026-04-01T12:48:38.973326+00:00 | GitLab Importer | Affected by | VCID-y32z-2d3f-gkgw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2021-32768.yml | 38.0.0 |