VulnerableCode Package Details - pkg:composer/typo3/cms@4.4.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/typo3/cms@4.4.0

Essentials
History (32)

purl	pkg:composer/typo3/cms@4.4.0
Tags	Ghost

Next non-vulnerable version	10.4.35
Latest non-vulnerable version	12.2.0
Risk	10.0

Vulnerabilities affecting this package (16)

Vulnerability	Summary	Fixed by
VCID-2zuf-yf2d-t3hg Aliases: CVE-2011-4630 GHSA-29wr-24h5-95r5	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the browse_links wizard.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-57cn-dmzh-4kdq Aliases: CVE-2012-2112 GHSA-qfr3-29w6-hwpg	Typo3 Exception Handler XSS Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages.	4.4.15 Affected by 0 other vulnerabilities. 4.5.15 Affected by 0 other vulnerabilities. 4.6.8 Affected by 0 other vulnerabilities.
VCID-5arh-exf5-zub1 Aliases: CVE-2010-5103 GHSA-r2w2-2r2x-fpcx	TYPO3 SQL Injection vulnerability SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.	4.4.5 Affected by 0 other vulnerabilities.
VCID-88ng-ph1q-cybw Aliases: CVE-2012-1608 GHSA-w3v6-r62r-fvqh	Improper Input Validation The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and inject arbitrary web script or HTML via non printable characters.	4.4.14 Affected by 0 other vulnerabilities. 4.5.14 Affected by 0 other vulnerabilities. 4.6.7 Affected by 0 other vulnerabilities.
VCID-93v3-exum-5qf5 Aliases: CVE-2011-4628 GHSA-79gv-5cgx-x6rx	Improper Authentication TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authentication mechanisms in the backend through a crafted request.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-enht-zcrt-mbe6 Aliases: CVE-2010-5099 GHSA-66j3-66cp-6c2m	TYPO3 Path Traversal vulnerability The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.	4.4.5 Affected by 0 other vulnerabilities.
VCID-fprf-zjud-8fcv Aliases: CVE-2012-1606 GHSA-7wwr-p84q-qr3q	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.	4.4.14 Affected by 0 other vulnerabilities. 4.5.14 Affected by 0 other vulnerabilities. 4.6.7 Affected by 0 other vulnerabilities.
VCID-fv74-gq28-rkd5 Aliases: CVE-2012-1605 GHSA-7jfm-px59-99w8	Typo3 Extbase Framework Unsafe Deserialization The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."	4.4.14 Affected by 0 other vulnerabilities. 4.5.14 Affected by 0 other vulnerabilities. 4.6.7 Affected by 0 other vulnerabilities.
VCID-jbu9-bp56-rkgw Aliases: CVE-2010-3714 GHSA-w736-qv86-vq94	TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism The jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.	4.4.4 Affected by 0 other vulnerabilities.
VCID-jk5g-64sn-ffgx Aliases: CVE-2011-4627 GHSA-frf4-5p2c-c3ff	Exposure of Sensitive Information to an Unauthorized Actor TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows Information Disclosure on the backend.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-k6fn-pcqn-byhu Aliases: CVE-2010-5101 GHSA-rmqc-wfjm-3f66	TYPO3 Directory Traversal vulnerability Directory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the "file inclusion functionality."	4.4.5 Affected by 0 other vulnerabilities.
VCID-n177-3cym-d7e7 Aliases: CVE-2011-4632 GHSA-h86g-796f-hhfq	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the tcemain flash message.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-nvd8-5j51-2yeg Aliases: CVE-2011-4902 GHSA-9vxq-mxw5-mcgp	Improper Input Validation TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to delete arbitrary files on the webserver.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-tu8v-rv87-wfa3 Aliases: CVE-2011-4903 GHSA-q22w-r5qq-v3wf	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site Scripting (XSS) in TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to inject arbitrary web script or HTML via the RemoveXSS function.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-ybdc-993m-aqfu Aliases: CVE-2011-4901 GHSA-8grp-3j5v-543g	Exposure of Sensitive Information to an Unauthorized Actor TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to extract arbitrary information from the TYPO3 database.	4.4.9 Affected by 0 other vulnerabilities. 4.5.4 Affected by 0 other vulnerabilities.
VCID-yk4b-baue-rkbt Aliases: CVE-2012-1607 GHSA-q68v-vcjg-r3vp	TYPO3 allows remote attackers to obtain the database name via a direct request The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-04T14:31:50.967794+00:00	GHSA Importer	Affected by	VCID-jbu9-bp56-rkgw	https://github.com/advisories/GHSA-w736-qv86-vq94	38.1.0
2026-04-04T14:31:50.453211+00:00	GHSA Importer	Affected by	VCID-yk4b-baue-rkbt	https://github.com/advisories/GHSA-q68v-vcjg-r3vp	38.1.0
2026-04-04T14:31:50.388767+00:00	GHSA Importer	Affected by	VCID-fprf-zjud-8fcv	https://github.com/advisories/GHSA-7wwr-p84q-qr3q	38.1.0
2026-04-04T14:31:50.355895+00:00	GHSA Importer	Affected by	VCID-88ng-ph1q-cybw	https://github.com/advisories/GHSA-w3v6-r62r-fvqh	38.1.0
2026-04-04T14:31:50.231631+00:00	GHSA Importer	Affected by	VCID-fv74-gq28-rkd5	https://github.com/advisories/GHSA-7jfm-px59-99w8	38.1.0
2026-04-04T14:31:16.037212+00:00	GHSA Importer	Affected by	VCID-k6fn-pcqn-byhu	https://github.com/advisories/GHSA-rmqc-wfjm-3f66	38.1.0
2026-04-04T14:31:15.747206+00:00	GHSA Importer	Affected by	VCID-enht-zcrt-mbe6	https://github.com/advisories/GHSA-66j3-66cp-6c2m	38.1.0
2026-04-04T14:31:15.564973+00:00	GHSA Importer	Affected by	VCID-5arh-exf5-zub1	https://github.com/advisories/GHSA-r2w2-2r2x-fpcx	38.1.0
2026-04-04T14:31:14.761035+00:00	GHSA Importer	Affected by	VCID-57cn-dmzh-4kdq	https://github.com/advisories/GHSA-qfr3-29w6-hwpg	38.1.0
2026-04-03T21:25:58.298765+00:00	GitLab Importer	Affected by	VCID-yk4b-baue-rkbt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2012-1607.yml	38.1.0
2026-04-03T21:25:57.505135+00:00	GitLab Importer	Affected by	VCID-fv74-gq28-rkd5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2012-1605.yml	38.1.0
2026-04-03T21:25:56.430380+00:00	GitLab Importer	Affected by	VCID-jbu9-bp56-rkgw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-3714.yml	38.1.0
2026-04-03T21:25:53.172178+00:00	GitLab Importer	Affected by	VCID-5arh-exf5-zub1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5103.yml	38.1.0
2026-04-03T21:25:50.196696+00:00	GitLab Importer	Affected by	VCID-57cn-dmzh-4kdq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2012-2112.yml	38.1.0
2026-04-03T21:25:48.539435+00:00	GitLab Importer	Affected by	VCID-k6fn-pcqn-byhu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5101.yml	38.1.0
2026-04-01T16:00:21.531687+00:00	GHSA Importer	Affected by	VCID-ybdc-993m-aqfu	https://github.com/advisories/GHSA-8grp-3j5v-543g	38.0.0
2026-04-01T16:00:21.483642+00:00	GHSA Importer	Affected by	VCID-2zuf-yf2d-t3hg	https://github.com/advisories/GHSA-29wr-24h5-95r5	38.0.0
2026-04-01T16:00:21.456442+00:00	GHSA Importer	Affected by	VCID-tu8v-rv87-wfa3	https://github.com/advisories/GHSA-q22w-r5qq-v3wf	38.0.0
2026-04-01T16:00:21.354737+00:00	GHSA Importer	Affected by	VCID-n177-3cym-d7e7	https://github.com/advisories/GHSA-h86g-796f-hhfq	38.0.0
2026-04-01T16:00:21.125876+00:00	GHSA Importer	Affected by	VCID-93v3-exum-5qf5	https://github.com/advisories/GHSA-79gv-5cgx-x6rx	38.0.0
2026-04-01T16:00:21.051313+00:00	GHSA Importer	Affected by	VCID-nvd8-5j51-2yeg	https://github.com/advisories/GHSA-9vxq-mxw5-mcgp	38.0.0
2026-04-01T16:00:20.997834+00:00	GHSA Importer	Affected by	VCID-jk5g-64sn-ffgx	https://github.com/advisories/GHSA-frf4-5p2c-c3ff	38.0.0
2026-04-01T12:50:44.787589+00:00	GitLab Importer	Affected by	VCID-88ng-ph1q-cybw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2012-1608.yml	38.0.0
2026-04-01T12:50:44.139825+00:00	GitLab Importer	Affected by	VCID-enht-zcrt-mbe6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2010-5099.yml	38.0.0
2026-04-01T12:50:42.078896+00:00	GitLab Importer	Affected by	VCID-fprf-zjud-8fcv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2012-1606.yml	38.0.0
2026-04-01T12:49:52.412751+00:00	GitLab Importer	Affected by	VCID-2zuf-yf2d-t3hg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4630.yml	38.0.0
2026-04-01T12:49:52.378607+00:00	GitLab Importer	Affected by	VCID-n177-3cym-d7e7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4632.yml	38.0.0
2026-04-01T12:49:52.218450+00:00	GitLab Importer	Affected by	VCID-93v3-exum-5qf5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4628.yml	38.0.0
2026-04-01T12:49:52.142011+00:00	GitLab Importer	Affected by	VCID-jk5g-64sn-ffgx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4627.yml	38.0.0
2026-04-01T12:49:51.929607+00:00	GitLab Importer	Affected by	VCID-tu8v-rv87-wfa3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4903.yml	38.0.0
2026-04-01T12:49:51.859255+00:00	GitLab Importer	Affected by	VCID-ybdc-993m-aqfu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4901.yml	38.0.0
2026-04-01T12:49:51.825193+00:00	GitLab Importer	Affected by	VCID-nvd8-5j51-2yeg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2011-4902.yml	38.0.0