Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/typo3/cms@4.1.0
purl pkg:composer/typo3/cms@4.1.0
Tags Ghost
Next non-vulnerable version 10.4.35
Latest non-vulnerable version 12.2.0
Risk 10.0
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-69fr-ztbp-z7gg
Aliases:
CVE-2009-0258
GHSA-74w6-ww7w-45j9
Improper Input Validation The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
4.1.8
Affected by 0 other vulnerabilities.
4.2.4
Affected by 0 other vulnerabilities.
VCID-acey-xzmu-7yg9
Aliases:
CVE-2009-0816
GHSA-jg55-3q6h-2ccf
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.
4.1.10
Affected by 0 other vulnerabilities.
4.2.6
Affected by 0 other vulnerabilities.
VCID-tsmu-e547-8kdx
Aliases:
CVE-2009-0815
GHSA-c22j-84c7-cm77
TYPO3 leaks a hash secret in an error message The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.
4.1.10
Affected by 0 other vulnerabilities.
4.2.6
Affected by 0 other vulnerabilities.
VCID-u1y7-xzfg-z7ce
Aliases:
CVE-2009-3635
GHSA-hwrc-w5gg-f335
TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.
4.1.13
Affected by 0 other vulnerabilities.
4.2.10
Affected by 0 other vulnerabilities.
4.3.0-beta2
Affected by 0 other vulnerabilities.
VCID-zkmd-h3ch-ebbg
Aliases:
CVE-2009-0256
GHSA-q45q-5233-229p
Improper Authentication Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.
4.1.8
Affected by 0 other vulnerabilities.
4.2.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T16:00:40.080613+00:00 GHSA Importer Affected by VCID-u1y7-xzfg-z7ce https://github.com/advisories/GHSA-hwrc-w5gg-f335 38.0.0
2026-04-01T16:00:37.474828+00:00 GHSA Importer Affected by VCID-acey-xzmu-7yg9 https://github.com/advisories/GHSA-jg55-3q6h-2ccf 38.0.0
2026-04-01T16:00:37.307971+00:00 GHSA Importer Affected by VCID-tsmu-e547-8kdx https://github.com/advisories/GHSA-c22j-84c7-cm77 38.0.0
2026-04-01T16:00:36.501734+00:00 GHSA Importer Affected by VCID-69fr-ztbp-z7gg https://github.com/advisories/GHSA-74w6-ww7w-45j9 38.0.0
2026-04-01T16:00:36.358196+00:00 GHSA Importer Affected by VCID-zkmd-h3ch-ebbg https://github.com/advisories/GHSA-q45q-5233-229p 38.0.0
2026-04-01T12:50:01.629374+00:00 GitLab Importer Affected by VCID-69fr-ztbp-z7gg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2009-0258.yml 38.0.0
2026-04-01T12:50:01.518904+00:00 GitLab Importer Affected by VCID-zkmd-h3ch-ebbg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2009-0256.yml 38.0.0
2026-04-01T12:50:00.815212+00:00 GitLab Importer Affected by VCID-u1y7-xzfg-z7ce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2009-3635.yml 38.0.0
2026-04-01T12:50:00.696158+00:00 GitLab Importer Affected by VCID-tsmu-e547-8kdx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2009-0815.yml 38.0.0
2026-04-01T12:49:59.471819+00:00 GitLab Importer Affected by VCID-acey-xzmu-7yg9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2009-0816.yml 38.0.0