Search for packages
| purl | pkg:composer/typo3/cms@4.5.40 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-b5ht-z6zp-pbht
Aliases: CVE-2015-5956 GHSA-989h-wv8x-933p |
Cross-Site Scripting Vulnerability It has been discovered, that it is possible to forge a link to a backend module, which contains a JavaScript payload. This JavaScript is executed, if an authenticated editor with access to the module follows the link that, is tricked to click on a certain HTML target. Because TYPO3 include a secret token unknown to an attacker in every URL, an exploit would not be feasible for these versions. |
Affected by 79 other vulnerabilities. Affected by 44 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-04T14:30:47.752763+00:00 | GHSA Importer | Affected by | VCID-b5ht-z6zp-pbht | https://github.com/advisories/GHSA-989h-wv8x-933p | 38.1.0 |