{"url":"http://public2.vulnerablecode.io/api/packages/105109?format=json","purl":"pkg:composer/typo3/cms@8.7.1","type":"composer","namespace":"typo3","name":"cms","version":"8.7.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.7.30","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13152?format=json","vulnerability_id":"VCID-1snp-vv9h-zycr","summary":"Information Disclosure in Install Tool.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-010/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-010/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2"}],"aliases":["GMS-2018-101"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1snp-vv9h-zycr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11567?format=json","vulnerability_id":"VCID-1znq-61hf-6ybk","summary":"Information Disclosure\nHTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called endpoint.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53006?format=json","purl":"pkg:composer/typo3/cms@8.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-8xgz-x8v3-2kgx"},{"vulnerability":"VCID-aghr-ecp4-eqey"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-r47q-qn2f-qkd9"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-st8g-tn8f-wyat"},{"vulnerability":"VCID-v7jx-ku4g-37hy"},{"vulnerability":"VCID-vcs8-625u-wbg4"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5"}],"aliases":["TYPO3-CORE-SA-2017-006"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1znq-61hf-6ybk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13086?format=json","vulnerability_id":"VCID-49a1-re6y-9ybm","summary":"Cross-site Scripting\nCKEditor allows user-assisted XSS involving a source-mode paste.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17960","reference_id":"","reference_type":"","scores":[{"value":"0.02024","scoring_system":"epss","scoring_elements":"0.84065","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17960"},{"reference_url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/","reference_id":"","reference_type":"","scores":[],"url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/"},{"reference_url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0","reference_id":"","reference_type":"","scores":[],"url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005"},{"reference_url":"https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217","reference_id":"1015217","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17960","reference_id":"CVE-2018-17960","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17960"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml","reference_id":"CVE-2018-17960.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml","reference_id":"CVE-2018-17960.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g68x-vvqq-pvw3","reference_id":"GHSA-g68x-vvqq-pvw3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g68x-vvqq-pvw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2"}],"aliases":["CVE-2018-17960","GHSA-g68x-vvqq-pvw3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-49a1-re6y-9ybm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13146?format=json","vulnerability_id":"VCID-5bc6-kka6-p3h4","summary":"Cross-site Scripting\nCross-Site Scripting in Backend Modal Component.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2"}],"aliases":["GMS-2018-98"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5bc6-kka6-p3h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13745?format=json","vulnerability_id":"VCID-5nbd-n22c-c3es","summary":"Security Misconfiguration in Frontend Session Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-018/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-018/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57246?format=json","purl":"pkg:composer/typo3/cms@8.7.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/57247?format=json","purl":"pkg:composer/typo3/cms@9.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8"}],"aliases":["GMS-2019-187"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5nbd-n22c-c3es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13748?format=json","vulnerability_id":"VCID-6hc5-w52t-kkf3","summary":"Cross-site Scripting\nCross-Site Scripting in Link Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-015/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-015/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57246?format=json","purl":"pkg:composer/typo3/cms@8.7.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/57247?format=json","purl":"pkg:composer/typo3/cms@9.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8"}],"aliases":["GMS-2019-186"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6hc5-w52t-kkf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13242?format=json","vulnerability_id":"VCID-6qgs-yxdm-dfa5","summary":"Code Injection\nArbitrary Code Execution via File List Module.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-008/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-008/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55433?format=json","purl":"pkg:composer/typo3/cms@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/55434?format=json","purl":"pkg:composer/typo3/cms@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4"}],"aliases":["GMS-2019-178"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6qgs-yxdm-dfa5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13137?format=json","vulnerability_id":"VCID-6xu1-wd67-2fdn","summary":"Cross-site Scripting\nCross-Site Scripting in CKEditor.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2"}],"aliases":["GMS-2018-104"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6xu1-wd67-2fdn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12796?format=json","vulnerability_id":"VCID-8xgz-x8v3-2kgx","summary":"Improper Authentication\nAuthentication Bypass in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-001/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55079?format=json","purl":"pkg:composer/typo3/cms@8.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-aghr-ecp4-eqey"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55080?format=json","purl":"pkg:composer/typo3/cms@9.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2"}],"aliases":["GMS-2018-93"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgz-x8v3-2kgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11590?format=json","vulnerability_id":"VCID-94ty-y1r7-pkcy","summary":"Unrestricted Upload of File with Dangerous Type\nUnrestricted File Upload vulnerability in the `fileDenyPattern` in `sysext/core/Classes/Core/SystemEnvironmentBuilder`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14251","reference_id":"","reference_type":"","scores":[{"value":"0.03536","scoring_system":"epss","scoring_elements":"0.87871","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14251"},{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/"},{"reference_url":"http://www.securityfocus.com/bid/100620","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100620"},{"reference_url":"http://www.securitytracker.com/id/1039295","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039295"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14251","reference_id":"CVE-2017-14251","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14251"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53006?format=json","purl":"pkg:composer/typo3/cms@8.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-8xgz-x8v3-2kgx"},{"vulnerability":"VCID-aghr-ecp4-eqey"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-r47q-qn2f-qkd9"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-st8g-tn8f-wyat"},{"vulnerability":"VCID-v7jx-ku4g-37hy"},{"vulnerability":"VCID-vcs8-625u-wbg4"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5"}],"aliases":["CVE-2017-14251"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-94ty-y1r7-pkcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13145?format=json","vulnerability_id":"VCID-aghr-ecp4-eqey","summary":"Uncontrolled Resource Consumption\nDenial of Service in Frontend Record Registration.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-012/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/54315?format=json","purl":"pkg:composer/typo3/cms@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-2cha-web7-73f6"},{"vulnerability":"VCID-2dk9-nj1q-zbac"},{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-4sva-74pj-6ke8"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-5xbb-syuc-qbdw"},{"vulnerability":"VCID-5ynp-eb7a-qqf3"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6tzs-x8d1-ebe1"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-83uf-75pf-rkdk"},{"vulnerability":"VCID-88qn-j3zx-u3gm"},{"vulnerability":"VCID-8xgz-x8v3-2kgx"},{"vulnerability":"VCID-9x28-fsv5-hqcc"},{"vulnerability":"VCID-aj95-p9de-qff5"},{"vulnerability":"VCID-arur-ep6s-rqdy"},{"vulnerability":"VCID-ax86-j7wt-r3eq"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-bxgx-dwg9-4ygv"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-de8m-ktdb-w3ht"},{"vulnerability":"VCID-dus4-tfjy-h3f4"},{"vulnerability":"VCID-es5w-n25j-nqhg"},{"vulnerability":"VCID-evcy-2c82-nbbk"},{"vulnerability":"VCID-evjm-8a4r-8yg9"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-fpg4-zerw-wba9"},{"vulnerability":"VCID-fwrf-t4ey-f3br"},{"vulnerability":"VCID-g1k2-f13f-skgf"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-gfvt-nhw4-gyd6"},{"vulnerability":"VCID-gkv2-xedj-zufa"},{"vulnerability":"VCID-hgtr-b8rj-23ah"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-khss-78tw-77gz"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-mna4-dcqb-j7ga"},{"vulnerability":"VCID-mrs5-ygvw-bufa"},{"vulnerability":"VCID-nr1y-7a97-3yek"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-r47q-qn2f-qkd9"},{"vulnerability":"VCID-sdr9-c9yv-jfak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-st8g-tn8f-wyat"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-t7v7-e824-w7en"},{"vulnerability":"VCID-tpxh-fdty-73cw"},{"vulnerability":"VCID-v7jx-ku4g-37hy"},{"vulnerability":"VCID-vcs8-625u-wbg4"},{"vulnerability":"VCID-vrux-m1s5-1ker"},{"vulnerability":"VCID-wat9-f362-v3g7"},{"vulnerability":"VCID-wrn1-nrtv-y3fx"},{"vulnerability":"VCID-xwgq-enpf-tqe1"},{"vulnerability":"VCID-xxxy-6j4a-7fbr"},{"vulnerability":"VCID-y5fe-53uv-2ycz"},{"vulnerability":"VCID-ybm6-51vn-bybr"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"},{"vulnerability":"VCID-ztnv-bz8e-23fw"},{"vulnerability":"VCID-zue9-dmqm-nkgy"},{"vulnerability":"VCID-zvpd-a1k6-suev"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0"}],"aliases":["GMS-2018-103"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aghr-ecp4-eqey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13580?format=json","vulnerability_id":"VCID-b1xu-66dr-d3bf","summary":"Code Injection\nPossible Arbitrary Code Execution in Image Processing.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-012/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56968?format=json","purl":"pkg:composer/typo3/cms@8.7.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25"},{"url":"http://public2.vulnerablecode.io/api/packages/56969?format=json","purl":"pkg:composer/typo3/cms@9.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6"}],"aliases":["GMS-2019-182"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b1xu-66dr-d3bf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13249?format=json","vulnerability_id":"VCID-bjbm-8nvj-dyb1","summary":"Cross-site Scripting\nCross-Site Scripting in Form Framework.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55433?format=json","purl":"pkg:composer/typo3/cms@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/55434?format=json","purl":"pkg:composer/typo3/cms@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4"}],"aliases":["GMS-2019-177"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bjbm-8nvj-dyb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13590?format=json","vulnerability_id":"VCID-cag3-ba8g-zfcn","summary":"Improper Input Validation\nTYPO3 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by `ImageMagick` or `GraphicsMagick`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11832","reference_id":"","reference_type":"","scores":[{"value":"0.00898","scoring_system":"epss","scoring_elements":"0.7599","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11832"},{"reference_url":"https://github.com/github/advisory-database/pull/3530","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/github/advisory-database/pull/3530"},{"reference_url":"https://github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/2c04eeac44733fda491f92c697f88c1337d19c79"},{"reference_url":"https://github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/51fdb774a57ee30e8d60c0e33b4a0b92d775739e"},{"reference_url":"https://github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/e845d90b82b2f72ab12a9e37f15082297832beca"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-012","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-012"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-012/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-012/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11832","reference_id":"CVE-2019-11832","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-11832"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml","reference_id":"CVE-2019-11832.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-11832.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml","reference_id":"CVE-2019-11832.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-11832.yaml"},{"reference_url":"https://github.com/advisories/GHSA-3w4h-r27h-4r2w","reference_id":"GHSA-3w4h-r27h-4r2w","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-3w4h-r27h-4r2w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56968?format=json","purl":"pkg:composer/typo3/cms@8.7.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25"},{"url":"http://public2.vulnerablecode.io/api/packages/56969?format=json","purl":"pkg:composer/typo3/cms@9.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6"}],"aliases":["CVE-2019-11832","GHSA-3w4h-r27h-4r2w"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cag3-ba8g-zfcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13739?format=json","vulnerability_id":"VCID-eyxt-9p91-vfdf","summary":"Insecure Deserialization in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-020/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-020/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57246?format=json","purl":"pkg:composer/typo3/cms@8.7.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/57247?format=json","purl":"pkg:composer/typo3/cms@9.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8"}],"aliases":["GMS-2019-189"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eyxt-9p91-vfdf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13148?format=json","vulnerability_id":"VCID-f7mj-c3hb-gbaa","summary":"Cross-site Scripting\nCross-Site Scripting in Frontend User Login.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-008/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-008/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2"}],"aliases":["GMS-2018-99"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f7mj-c3hb-gbaa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13239?format=json","vulnerability_id":"VCID-fh4y-fm7b-hqaj","summary":"Information Disclosure of Installed Extensions.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-001/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55433?format=json","purl":"pkg:composer/typo3/cms@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/55434?format=json","purl":"pkg:composer/typo3/cms@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4"}],"aliases":["GMS-2019-172"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fh4y-fm7b-hqaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13750?format=json","vulnerability_id":"VCID-fhf6-ehe3-9fc9","summary":"Code Injection\nArbitrary Code Execution and Cross-Site Scripting in Backend API.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-019/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-019/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57246?format=json","purl":"pkg:composer/typo3/cms@8.7.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/57247?format=json","purl":"pkg:composer/typo3/cms@9.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8"}],"aliases":["GMS-2019-188"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fhf6-ehe3-9fc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13780?format=json","vulnerability_id":"VCID-fjmf-pf49-vbde","summary":"Cross-site Scripting\nTYPO3 allows XSS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12748","reference_id":"","reference_type":"","scores":[{"value":"0.00301","scoring_system":"epss","scoring_elements":"0.53688","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12748"},{"reference_url":"https://typo3.org/cms/release-news/typo3-8-release-notes/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/cms/release-news/typo3-8-release-notes/"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-015","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-015"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-015/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-015/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12748","reference_id":"CVE-2019-12748","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-12748"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-12748.yaml","reference_id":"CVE-2019-12748.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-12748.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-12748.yaml","reference_id":"CVE-2019-12748.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-12748.yaml"},{"reference_url":"https://github.com/advisories/GHSA-r6fv-56gp-j3r4","reference_id":"GHSA-r6fv-56gp-j3r4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r6fv-56gp-j3r4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57246?format=json","purl":"pkg:composer/typo3/cms@8.7.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/57247?format=json","purl":"pkg:composer/typo3/cms@9.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8"}],"aliases":["CVE-2019-12748","GHSA-r6fv-56gp-j3r4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjmf-pf49-vbde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142750?format=json","vulnerability_id":"VCID-fm88-sv4z-qyak","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19850","reference_id":"","reference_type":"","scores":[{"value":"0.00284","scoring_system":"epss","scoring_elements":"0.52048","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19850"},{"reference_url":"https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security","reference_id":"","reference_type":"","scores":[],"url":"https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-025/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-025/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19850","reference_id":"CVE-2019-19850","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19850"}],"fixed_packages":[],"aliases":["CVE-2019-19850"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fm88-sv4z-qyak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13258?format=json","vulnerability_id":"VCID-g9kd-xhm7-fbbp","summary":"Cross-site Scripting\nCross-Site Scripting in Fluid `ViewHelpers`.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-005/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55433?format=json","purl":"pkg:composer/typo3/cms@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/55434?format=json","purl":"pkg:composer/typo3/cms@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4"}],"aliases":["GMS-2019-175"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g9kd-xhm7-fbbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11566?format=json","vulnerability_id":"VCID-gfuj-61z7-q7gk","summary":"Arbitrary Code Execution\nDue to a missing file extension in the `fileDenyPattern`, backend user are allowed to upload *.pht files which can be executed in certain web server setups.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53006?format=json","purl":"pkg:composer/typo3/cms@8.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-8xgz-x8v3-2kgx"},{"vulnerability":"VCID-aghr-ecp4-eqey"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-r47q-qn2f-qkd9"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-st8g-tn8f-wyat"},{"vulnerability":"VCID-v7jx-ku4g-37hy"},{"vulnerability":"VCID-vcs8-625u-wbg4"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5"}],"aliases":["TYPO3-CORE-SA-2017-007"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfuj-61z7-q7gk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13144?format=json","vulnerability_id":"VCID-j2em-wgxm-b3af","summary":"Security Misconfiguration in Install Tool Cookie.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-009/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-009/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2"}],"aliases":["GMS-2018-100"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2em-wgxm-b3af"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13588?format=json","vulnerability_id":"VCID-ja5a-zt3y-7ugp","summary":"Cross-site Scripting\nCross-Site Scripting in Fluid Engine.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-013/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-013/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56968?format=json","purl":"pkg:composer/typo3/cms@8.7.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25"},{"url":"http://public2.vulnerablecode.io/api/packages/56969?format=json","purl":"pkg:composer/typo3/cms@9.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6"}],"aliases":["GMS-2019-180"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ja5a-zt3y-7ugp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13749?format=json","vulnerability_id":"VCID-jrkx-ccre-7fb6","summary":"Information Disclosure in Backend User Interface.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-014/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57246?format=json","purl":"pkg:composer/typo3/cms@8.7.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/57247?format=json","purl":"pkg:composer/typo3/cms@9.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.8"}],"aliases":["GMS-2019-185"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrkx-ccre-7fb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13150?format=json","vulnerability_id":"VCID-m9yu-1tca-vfec","summary":"Cross-site Scripting\nCross-Site Scripting in Online Media Asset Rendering.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-006/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2"}],"aliases":["GMS-2018-97"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m9yu-1tca-vfec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13261?format=json","vulnerability_id":"VCID-ny92-a3hq-z3es","summary":"Security Misconfiguration for Backend User Accounts.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-002/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55433?format=json","purl":"pkg:composer/typo3/cms@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/55434?format=json","purl":"pkg:composer/typo3/cms@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4"}],"aliases":["GMS-2019-173"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ny92-a3hq-z3es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13251?format=json","vulnerability_id":"VCID-pt7n-4xyk-ayhd","summary":"Improper Access Control\nBroken Access Control in Localization Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-003/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55433?format=json","purl":"pkg:composer/typo3/cms@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/54315?format=json","purl":"pkg:composer/typo3/cms@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-2cha-web7-73f6"},{"vulnerability":"VCID-2dk9-nj1q-zbac"},{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-4sva-74pj-6ke8"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-5xbb-syuc-qbdw"},{"vulnerability":"VCID-5ynp-eb7a-qqf3"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6tzs-x8d1-ebe1"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-83uf-75pf-rkdk"},{"vulnerability":"VCID-88qn-j3zx-u3gm"},{"vulnerability":"VCID-8xgz-x8v3-2kgx"},{"vulnerability":"VCID-9x28-fsv5-hqcc"},{"vulnerability":"VCID-aj95-p9de-qff5"},{"vulnerability":"VCID-arur-ep6s-rqdy"},{"vulnerability":"VCID-ax86-j7wt-r3eq"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-bxgx-dwg9-4ygv"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-de8m-ktdb-w3ht"},{"vulnerability":"VCID-dus4-tfjy-h3f4"},{"vulnerability":"VCID-es5w-n25j-nqhg"},{"vulnerability":"VCID-evcy-2c82-nbbk"},{"vulnerability":"VCID-evjm-8a4r-8yg9"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-fpg4-zerw-wba9"},{"vulnerability":"VCID-fwrf-t4ey-f3br"},{"vulnerability":"VCID-g1k2-f13f-skgf"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-gfvt-nhw4-gyd6"},{"vulnerability":"VCID-gkv2-xedj-zufa"},{"vulnerability":"VCID-hgtr-b8rj-23ah"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-khss-78tw-77gz"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-mna4-dcqb-j7ga"},{"vulnerability":"VCID-mrs5-ygvw-bufa"},{"vulnerability":"VCID-nr1y-7a97-3yek"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-r47q-qn2f-qkd9"},{"vulnerability":"VCID-sdr9-c9yv-jfak"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-st8g-tn8f-wyat"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-t7v7-e824-w7en"},{"vulnerability":"VCID-tpxh-fdty-73cw"},{"vulnerability":"VCID-v7jx-ku4g-37hy"},{"vulnerability":"VCID-vcs8-625u-wbg4"},{"vulnerability":"VCID-vrux-m1s5-1ker"},{"vulnerability":"VCID-wat9-f362-v3g7"},{"vulnerability":"VCID-wrn1-nrtv-y3fx"},{"vulnerability":"VCID-xwgq-enpf-tqe1"},{"vulnerability":"VCID-xxxy-6j4a-7fbr"},{"vulnerability":"VCID-y5fe-53uv-2ycz"},{"vulnerability":"VCID-ybm6-51vn-bybr"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"},{"vulnerability":"VCID-ztnv-bz8e-23fw"},{"vulnerability":"VCID-zue9-dmqm-nkgy"},{"vulnerability":"VCID-zvpd-a1k6-suev"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0"}],"aliases":["GMS-2019-174"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pt7n-4xyk-ayhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13256?format=json","vulnerability_id":"VCID-pu1y-mtu6-pugz","summary":"Cross-site Scripting\nCross-Site Scripting in Bootstrap CSS toolkit.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55433?format=json","purl":"pkg:composer/typo3/cms@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/55434?format=json","purl":"pkg:composer/typo3/cms@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4"}],"aliases":["GMS-2019-176"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pu1y-mtu6-pugz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13138?format=json","vulnerability_id":"VCID-qmbn-ma1j-4yc6","summary":"Uncontrolled Resource Consumption\nDenial of Service in Online Media Asset Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-011/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2"}],"aliases":["GMS-2018-102"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qmbn-ma1j-4yc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12805?format=json","vulnerability_id":"VCID-qxqn-abw1-3qfc","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIn Bootstrap, XSS is possible in the data-target property of scrollspy.","references":[{"reference_url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"},{"reference_url":"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1456","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1456"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14041","reference_id":"","reference_type":"","scores":[{"value":"0.07917","scoring_system":"epss","scoring_elements":"0.92163","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14041"},{"reference_url":"https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""}],"url":"https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2"},{"reference_url":"http://seclists.org/fulldisclosure/2019/May/10","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2019/May/10"},{"reference_url":"http://seclists.org/fulldisclosure/2019/May/11","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2019/May/11"},{"reference_url":"http://seclists.org/fulldisclosure/2019/May/13","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2019/May/13"},{"reference_url":"https://github.com/twbs/bootstrap","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/twbs/bootstrap"},{"reference_url":"https://github.com/twbs/bootstrap/issues/26423","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/twbs/bootstrap/issues/26423"},{"reference_url":"https://github.com/twbs/bootstrap/issues/26627","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/twbs/bootstrap/issues/26627"},{"reference_url":"https://github.com/twbs/bootstrap/pull/26630","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/twbs/bootstrap/pull/26630"},{"reference_url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"},{"reference_url":"https://seclists.org/bugtraq/2019/May/18","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/18"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14041","reference_id":"CVE-2018-14041","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14041"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml","reference_id":"CVE-2018-14041.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml","reference_id":"CVE-2018-14041.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml","reference_id":"CVE-2018-14041.YML","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml"},{"reference_url":"https://github.com/advisories/GHSA-pj7m-g53m-7638","reference_id":"GHSA-pj7m-g53m-7638","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pj7m-g53m-7638"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55433?format=json","purl":"pkg:composer/typo3/cms@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/55434?format=json","purl":"pkg:composer/typo3/cms@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.4"}],"aliases":["CVE-2018-14041","GHSA-pj7m-g53m-7638"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxqn-abw1-3qfc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11570?format=json","vulnerability_id":"VCID-qy73-z69h-4fd3","summary":"Information Disclosure\nFailing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this vulnerability.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53006?format=json","purl":"pkg:composer/typo3/cms@8.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-8xgz-x8v3-2kgx"},{"vulnerability":"VCID-aghr-ecp4-eqey"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-r47q-qn2f-qkd9"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-st8g-tn8f-wyat"},{"vulnerability":"VCID-v7jx-ku4g-37hy"},{"vulnerability":"VCID-vcs8-625u-wbg4"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5"}],"aliases":["TYPO3-CORE-SA-2017-005"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qy73-z69h-4fd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12799?format=json","vulnerability_id":"VCID-r47q-qn2f-qkd9","summary":"Insecure Deserialization in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-004/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-004/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55079?format=json","purl":"pkg:composer/typo3/cms@8.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-aghr-ecp4-eqey"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55080?format=json","purl":"pkg:composer/typo3/cms@9.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2"}],"aliases":["GMS-2018-96"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r47q-qn2f-qkd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142748?format=json","vulnerability_id":"VCID-ssz6-xrjr-7kee","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19848","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59366","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19848"},{"reference_url":"https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security","reference_id":"","reference_type":"","scores":[],"url":"https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-024/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-024/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19848","reference_id":"CVE-2019-19848","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19848"}],"fixed_packages":[],"aliases":["CVE-2019-19848"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ssz6-xrjr-7kee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12798?format=json","vulnerability_id":"VCID-st8g-tn8f-wyat","summary":"Privilege Escalation & SQL Injection in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-003/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55079?format=json","purl":"pkg:composer/typo3/cms@8.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-aghr-ecp4-eqey"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55080?format=json","purl":"pkg:composer/typo3/cms@9.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2"}],"aliases":["GMS-2018-95"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-st8g-tn8f-wyat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12797?format=json","vulnerability_id":"VCID-v7jx-ku4g-37hy","summary":"Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-002/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55079?format=json","purl":"pkg:composer/typo3/cms@8.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-aghr-ecp4-eqey"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/55080?format=json","purl":"pkg:composer/typo3/cms@9.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2"}],"aliases":["GMS-2018-94"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7jx-ku4g-37hy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12266?format=json","vulnerability_id":"VCID-vcs8-625u-wbg4","summary":"Cross-site Scripting\nThe page module in TYPO3 is vulnerable to XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`, as demonstrated by an admin entering a crafted site name during the installation process.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6905","reference_id":"","reference_type":"","scores":[{"value":"0.02274","scoring_system":"epss","scoring_elements":"0.8493","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-6905"},{"reference_url":"https://forge.typo3.org/issues/84191","reference_id":"","reference_type":"","scores":[],"url":"https://forge.typo3.org/issues/84191"},{"reference_url":"http://www.securitytracker.com/id/1040755","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040755"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6905","reference_id":"CVE-2018-6905","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54316?format=json","purl":"pkg:composer/typo3/cms@8.7.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-8xgz-x8v3-2kgx"},{"vulnerability":"VCID-aghr-ecp4-eqey"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-r47q-qn2f-qkd9"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-st8g-tn8f-wyat"},{"vulnerability":"VCID-v7jx-ku4g-37hy"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.11"},{"url":"http://public2.vulnerablecode.io/api/packages/54317?format=json","purl":"pkg:composer/typo3/cms@9.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-79pg-wt38-skg8"},{"vulnerability":"VCID-8xgz-x8v3-2kgx"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-brr6-1t75-gbeu"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-r47q-qn2f-qkd9"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-st8g-tn8f-wyat"},{"vulnerability":"VCID-t6bx-uwej-xyed"},{"vulnerability":"VCID-v7jx-ku4g-37hy"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.1.0"}],"aliases":["CVE-2018-6905"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vcs8-625u-wbg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11564?format=json","vulnerability_id":"VCID-y5vr-zzjq-6ufk","summary":"XSS Vulnerability\nFailing to properly encode user input, backend forms are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability.","references":[{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-004/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2017-004/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53006?format=json","purl":"pkg:composer/typo3/cms@8.7.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1snp-vv9h-zycr"},{"vulnerability":"VCID-49a1-re6y-9ybm"},{"vulnerability":"VCID-5bc6-kka6-p3h4"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-6qgs-yxdm-dfa5"},{"vulnerability":"VCID-6xu1-wd67-2fdn"},{"vulnerability":"VCID-8xgz-x8v3-2kgx"},{"vulnerability":"VCID-aghr-ecp4-eqey"},{"vulnerability":"VCID-b1xu-66dr-d3bf"},{"vulnerability":"VCID-bjbm-8nvj-dyb1"},{"vulnerability":"VCID-cag3-ba8g-zfcn"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-f7mj-c3hb-gbaa"},{"vulnerability":"VCID-fh4y-fm7b-hqaj"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-g9kd-xhm7-fbbp"},{"vulnerability":"VCID-j2em-wgxm-b3af"},{"vulnerability":"VCID-ja5a-zt3y-7ugp"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m9yu-1tca-vfec"},{"vulnerability":"VCID-ny92-a3hq-z3es"},{"vulnerability":"VCID-pt7n-4xyk-ayhd"},{"vulnerability":"VCID-pu1y-mtu6-pugz"},{"vulnerability":"VCID-qmbn-ma1j-4yc6"},{"vulnerability":"VCID-qxqn-abw1-3qfc"},{"vulnerability":"VCID-r47q-qn2f-qkd9"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-st8g-tn8f-wyat"},{"vulnerability":"VCID-v7jx-ku4g-37hy"},{"vulnerability":"VCID-vcs8-625u-wbg4"},{"vulnerability":"VCID-zd8e-33zb-cubx"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.5"}],"aliases":["TYPO3-CORE-SA-2017-004"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5vr-zzjq-6ufk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13581?format=json","vulnerability_id":"VCID-zd8e-33zb-cubx","summary":"Security Misconfiguration in User Session Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-011/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56968?format=json","purl":"pkg:composer/typo3/cms@8.7.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.25"},{"url":"http://public2.vulnerablecode.io/api/packages/56969?format=json","purl":"pkg:composer/typo3/cms@9.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3q83-a9fg-myfk"},{"vulnerability":"VCID-5nbd-n22c-c3es"},{"vulnerability":"VCID-6hc5-w52t-kkf3"},{"vulnerability":"VCID-eyxt-9p91-vfdf"},{"vulnerability":"VCID-fhf6-ehe3-9fc9"},{"vulnerability":"VCID-fjmf-pf49-vbde"},{"vulnerability":"VCID-fm88-sv4z-qyak"},{"vulnerability":"VCID-j7kv-7qug-jbcc"},{"vulnerability":"VCID-jrkx-ccre-7fb6"},{"vulnerability":"VCID-m1y3-csp4-aqe4"},{"vulnerability":"VCID-ssz6-xrjr-7kee"},{"vulnerability":"VCID-zptn-f2ua-wfa8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.6"}],"aliases":["GMS-2019-181"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zd8e-33zb-cubx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/142749?format=json","vulnerability_id":"VCID-zptn-f2ua-wfa8","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19849","reference_id":"","reference_type":"","scores":[{"value":"0.00746","scoring_system":"epss","scoring_elements":"0.73365","published_at":"2026-05-30T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19849"},{"reference_url":"https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security","reference_id":"","reference_type":"","scores":[],"url":"https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-026/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-026/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19849","reference_id":"CVE-2019-19849","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-19849"}],"fixed_packages":[],"aliases":["CVE-2019-19849"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zptn-f2ua-wfa8"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.1"}