{"url":"http://public2.vulnerablecode.io/api/packages/222495?format=json","purl":"pkg:composer/typo3/cms-core@8.7.11","type":"composer","namespace":"typo3","name":"cms-core","version":"8.7.11","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.5.25","latest_non_vulnerable_version":"14.0.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54229?format=json","vulnerability_id":"VCID-1ffs-9vj5-27hk","summary":"Path Traversal\nDue to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data in the Form Designer backend module of the Form Framework. In the default configuration of the Form Framework this allows attackers to explicitly allow arbitrary mime-types for file uploads - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Besides that, attackers can persist those files in any writable directory of the corresponding TYPO3 installation. A valid backend user account with access to the form module is needed to exploit this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21357","reference_id":"","reference_type":"","scores":[{"value":"0.01121","scoring_system":"epss","scoring_elements":"0.78584","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21357"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21357.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21357.yaml"},{"reference_url":"https://packagist.org/packages/typo3/cms-form","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/typo3/cms-form"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2021-003","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2021-003"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21357","reference_id":"CVE-2021-21357","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21357"},{"reference_url":"https://github.com/advisories/GHSA-3vg7-jw9m-pc3f","reference_id":"GHSA-3vg7-jw9m-pc3f","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3vg7-jw9m-pc3f"},{"reference_url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f","reference_id":"GHSA-3vg7-jw9m-pc3f","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:H/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-3vg7-jw9m-pc3f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58469?format=json","purl":"pkg:composer/typo3/cms-core@8.7.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-uq77-aax5-k7d8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40"},{"url":"http://public2.vulnerablecode.io/api/packages/80039?format=json","purl":"pkg:composer/typo3/cms-core@9.5.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25"},{"url":"http://public2.vulnerablecode.io/api/packages/80040?format=json","purl":"pkg:composer/typo3/cms-core@10.4.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/80041?format=json","purl":"pkg:composer/typo3/cms-core@11.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1"}],"aliases":["CVE-2021-21357","GHSA-3vg7-jw9m-pc3f"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1ffs-9vj5-27hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41131?format=json","vulnerability_id":"VCID-1knh-es99-dubw","summary":"Code Injection\nArbitrary Code Execution and Cross-Site Scripting in Backend API.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-019/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-019/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58253?format=json","purl":"pkg:composer/typo3/cms-core@8.7.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/58254?format=json","purl":"pkg:composer/typo3/cms-core@9.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8"}],"aliases":["GMS-2019-168"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1knh-es99-dubw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40622?format=json","vulnerability_id":"VCID-1prg-c74k-37ec","summary":"Code Injection\nArbitrary Code Execution via File List Module.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-008/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-008/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-158"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1prg-c74k-37ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40079?format=json","vulnerability_id":"VCID-2m67-xdxz-ryc2","summary":"Improper Authentication\nAuthentication Bypass in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-001/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56075?format=json","purl":"pkg:composer/typo3/cms-core@8.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-b92x-56ng-3ygy"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/56076?format=json","purl":"pkg:composer/typo3/cms-core@9.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2"}],"aliases":["GMS-2018-81"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2m67-xdxz-ryc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41121?format=json","vulnerability_id":"VCID-6ffw-r4k7-5qf8","summary":"Security Misconfiguration in Frontend Session Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-018/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-018/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58253?format=json","purl":"pkg:composer/typo3/cms-core@8.7.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/58254?format=json","purl":"pkg:composer/typo3/cms-core@9.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8"}],"aliases":["GMS-2019-167"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ffw-r4k7-5qf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40631?format=json","vulnerability_id":"VCID-6q7t-kdrg-8qc3","summary":"Security Misconfiguration for Backend User Accounts.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-002/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-153"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6q7t-kdrg-8qc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40618?format=json","vulnerability_id":"VCID-6rgp-dzw1-kycx","summary":"Cross-site Scripting\nCross-Site Scripting in Bootstrap CSS toolkit.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-156"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rgp-dzw1-kycx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40095?format=json","vulnerability_id":"VCID-7ch1-q9f4-a7bt","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIn Bootstrap, XSS is possible in the data-target property of scrollspy.","references":[{"reference_url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"},{"reference_url":"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1456","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2019:1456"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14041","reference_id":"","reference_type":"","scores":[{"value":"0.07723","scoring_system":"epss","scoring_elements":"0.92076","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14041"},{"reference_url":"https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":""},{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2"},{"reference_url":"http://seclists.org/fulldisclosure/2019/May/10","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/May/10"},{"reference_url":"http://seclists.org/fulldisclosure/2019/May/11","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/May/11"},{"reference_url":"http://seclists.org/fulldisclosure/2019/May/13","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2019/May/13"},{"reference_url":"https://github.com/twbs/bootstrap","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twbs/bootstrap"},{"reference_url":"https://github.com/twbs/bootstrap/issues/26423","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twbs/bootstrap/issues/26423"},{"reference_url":"https://github.com/twbs/bootstrap/issues/26627","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twbs/bootstrap/issues/26627"},{"reference_url":"https://github.com/twbs/bootstrap/pull/26630","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/twbs/bootstrap/pull/26630"},{"reference_url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"},{"reference_url":"https://seclists.org/bugtraq/2019/May/18","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://seclists.org/bugtraq/2019/May/18"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1601616","reference_id":"1601616","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1601616"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14041","reference_id":"CVE-2018-14041","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14041"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml","reference_id":"CVE-2018-14041.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml","reference_id":"CVE-2018-14041.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml","reference_id":"CVE-2018-14041.YML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml"},{"reference_url":"https://github.com/advisories/GHSA-pj7m-g53m-7638","reference_id":"GHSA-pj7m-g53m-7638","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pj7m-g53m-7638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0552","reference_id":"RHSA-2023:0552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0553","reference_id":"RHSA-2023:0553","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0554","reference_id":"RHSA-2023:0554","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0554"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0556","reference_id":"RHSA-2023:0556","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0556"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:5693","reference_id":"RHSA-2023:5693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:5693"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["CVE-2018-14041","GHSA-pj7m-g53m-7638"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ch1-q9f4-a7bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41119?format=json","vulnerability_id":"VCID-82ds-xda8-5ye4","summary":"Insecure Deserialization in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-020/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-020/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58253?format=json","purl":"pkg:composer/typo3/cms-core@8.7.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/58254?format=json","purl":"pkg:composer/typo3/cms-core@9.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8"}],"aliases":["GMS-2019-169"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-82ds-xda8-5ye4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54219?format=json","vulnerability_id":"VCID-848u-w88s-5bbe","summary":"Unrestricted Upload of File with Dangerous Type\nDue to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default `_fileDenyPattern_` successfully blocked files like `_.htaccess_` or `_malicious.php_`. Additionally, `_UploadedFileReferenceConverter_` transforming uploaded files into proper FileReference domain model objects handles possible file uploads for other extensions as well - given those extensions use the Extbase MVC framework, make use of FileReference items in their direct or inherited domain model definitions and did not implement their own type converter. In case this scenario applies, `_UploadedFileReferenceConverter_` accepts any file mime-type and persists files in the default location. In any way, uploaded files are placed in the default location `_/fileadmin/user_upload/_`, in most scenarios keeping the submitted filename - which allows attackers to directly reference files, or even correctly guess filenames used by other individuals, disclosing this information. No authentication is required to exploit this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21355","reference_id":"","reference_type":"","scores":[{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.62059","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21355"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21355.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21355.yaml"},{"reference_url":"https://packagist.org/packages/typo3/cms-form","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/typo3/cms-form"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2021-002","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2021-002"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21355","reference_id":"CVE-2021-21355","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21355"},{"reference_url":"https://github.com/advisories/GHSA-2r6j-862c-m2v2","reference_id":"GHSA-2r6j-862c-m2v2","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2r6j-862c-m2v2"},{"reference_url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2","reference_id":"GHSA-2r6j-862c-m2v2","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:L/E:F/RL:O/RC:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2r6j-862c-m2v2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58469?format=json","purl":"pkg:composer/typo3/cms-core@8.7.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-uq77-aax5-k7d8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40"},{"url":"http://public2.vulnerablecode.io/api/packages/80039?format=json","purl":"pkg:composer/typo3/cms-core@9.5.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25"},{"url":"http://public2.vulnerablecode.io/api/packages/80040?format=json","purl":"pkg:composer/typo3/cms-core@10.4.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/80041?format=json","purl":"pkg:composer/typo3/cms-core@11.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1"}],"aliases":["CVE-2021-21355","GHSA-2r6j-862c-m2v2"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-848u-w88s-5bbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40956?format=json","vulnerability_id":"VCID-8sek-v483-8ueu","summary":"Code Injection\nPossible Arbitrary Code Execution in Image Processing.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-012/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57971?format=json","purl":"pkg:composer/typo3/cms-core@8.7.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-cbmm-1b2k-8qaz"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.25"},{"url":"http://public2.vulnerablecode.io/api/packages/57972?format=json","purl":"pkg:composer/typo3/cms-core@9.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cbmm-1b2k-8qaz"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.6"}],"aliases":["GMS-2019-162"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8sek-v483-8ueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40495?format=json","vulnerability_id":"VCID-b92x-56ng-3ygy","summary":"Uncontrolled Resource Consumption\nDenial of Service in Frontend Record Registration.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-012/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms-core@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-2m67-xdxz-ryc2"},{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-3ebd-765h-j3g7"},{"vulnerability":"VCID-3hta-35zx-zuc4"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-4q6d-bd3h-t7f4"},{"vulnerability":"VCID-4rfq-u488-sbh5"},{"vulnerability":"VCID-51k2-j834-pffb"},{"vulnerability":"VCID-5nq2-nchj-fkc8"},{"vulnerability":"VCID-5ync-ktk5-23gh"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-78ff-k66z-bkh7"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-7snt-7hyt-1fbx"},{"vulnerability":"VCID-8216-asqx-f7eb"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-87ej-qn3k-t3dy"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-9mpc-hjjh-u3d2"},{"vulnerability":"VCID-a1g9-pyz5-9fca"},{"vulnerability":"VCID-an3r-c2yp-1bbd"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-bzqv-s7g3-wff9"},{"vulnerability":"VCID-cf9m-qdyj-eyav"},{"vulnerability":"VCID-cgny-nmk3-4fcd"},{"vulnerability":"VCID-cq82-qt6v-dfhz"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-dzrt-8tny-kbcy"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-eq57-btkt-hug8"},{"vulnerability":"VCID-etcc-43a3-a7ek"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-f9pk-cwyr-a7cv"},{"vulnerability":"VCID-fgkd-jp96-cbcs"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-g3t9-1yx2-6ufd"},{"vulnerability":"VCID-gemf-j9uj-jka1"},{"vulnerability":"VCID-gvag-nxmd-s7d1"},{"vulnerability":"VCID-hfcx-1kuh-p3ez"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-hr6r-88m3-9udv"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-ke39-846j-kbh3"},{"vulnerability":"VCID-myhc-dyh9-xygg"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qtyt-338b-ayay"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-rzx5-nv6h-qqhg"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uhrk-ad4f-nqgh"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x3n3-tsjh-8kby"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-y3zj-acc7-jkau"},{"vulnerability":"VCID-yf3d-yyzq-guh1"},{"vulnerability":"VCID-ygw1-vqxg-z3h3"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"},{"vulnerability":"VCID-z718-97ez-r7g3"},{"vulnerability":"VCID-zbm9-cx69-wqg3"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0"}],"aliases":["GMS-2018-91"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b92x-56ng-3ygy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40084?format=json","vulnerability_id":"VCID-cf9m-qdyj-eyav","summary":"Privilege Escalation & SQL Injection in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-003/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56075?format=json","purl":"pkg:composer/typo3/cms-core@8.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-b92x-56ng-3ygy"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/56076?format=json","purl":"pkg:composer/typo3/cms-core@9.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2"}],"aliases":["GMS-2018-83"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cf9m-qdyj-eyav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40637?format=json","vulnerability_id":"VCID-cg7w-xkyg-abgj","summary":"Improper Access Control\nBroken Access Control in Localization Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-003/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56073?format=json","purl":"pkg:composer/typo3/cms-core@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-2m67-xdxz-ryc2"},{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-3ebd-765h-j3g7"},{"vulnerability":"VCID-3hta-35zx-zuc4"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-4q6d-bd3h-t7f4"},{"vulnerability":"VCID-4rfq-u488-sbh5"},{"vulnerability":"VCID-51k2-j834-pffb"},{"vulnerability":"VCID-5nq2-nchj-fkc8"},{"vulnerability":"VCID-5ync-ktk5-23gh"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-78ff-k66z-bkh7"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-7r4g-gxc6-hubh"},{"vulnerability":"VCID-7snt-7hyt-1fbx"},{"vulnerability":"VCID-8216-asqx-f7eb"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-87ej-qn3k-t3dy"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-9mpc-hjjh-u3d2"},{"vulnerability":"VCID-a1g9-pyz5-9fca"},{"vulnerability":"VCID-an3r-c2yp-1bbd"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-bzqv-s7g3-wff9"},{"vulnerability":"VCID-cf9m-qdyj-eyav"},{"vulnerability":"VCID-cgny-nmk3-4fcd"},{"vulnerability":"VCID-cq82-qt6v-dfhz"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-dzrt-8tny-kbcy"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-eq57-btkt-hug8"},{"vulnerability":"VCID-etcc-43a3-a7ek"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-f9pk-cwyr-a7cv"},{"vulnerability":"VCID-fgkd-jp96-cbcs"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-g3t9-1yx2-6ufd"},{"vulnerability":"VCID-gemf-j9uj-jka1"},{"vulnerability":"VCID-gvag-nxmd-s7d1"},{"vulnerability":"VCID-hfcx-1kuh-p3ez"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-hr6r-88m3-9udv"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-ke39-846j-kbh3"},{"vulnerability":"VCID-myhc-dyh9-xygg"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qtyt-338b-ayay"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-rzx5-nv6h-qqhg"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uhrk-ad4f-nqgh"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-uua1-9rt1-dfbz"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-w94g-xxea-23fb"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x3n3-tsjh-8kby"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-y3zj-acc7-jkau"},{"vulnerability":"VCID-yf3d-yyzq-guh1"},{"vulnerability":"VCID-ygw1-vqxg-z3h3"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"},{"vulnerability":"VCID-z718-97ez-r7g3"},{"vulnerability":"VCID-zbm9-cx69-wqg3"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.0.0"}],"aliases":["GMS-2019-154"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cg7w-xkyg-abgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41125?format=json","vulnerability_id":"VCID-cv9x-ea8e-pufu","summary":"Cross-site Scripting\nCross-Site Scripting in Link Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-015/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-015/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58253?format=json","purl":"pkg:composer/typo3/cms-core@8.7.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/58254?format=json","purl":"pkg:composer/typo3/cms-core@9.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8"}],"aliases":["GMS-2019-166"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cv9x-ea8e-pufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40508?format=json","vulnerability_id":"VCID-daz8-j1ns-rkgt","summary":"Information Disclosure in Install Tool.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-010/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-010/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-89"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-daz8-j1ns-rkgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41126?format=json","vulnerability_id":"VCID-e8ze-umec-a7hx","summary":"Information Disclosure in Backend User Interface.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-014/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58253?format=json","purl":"pkg:composer/typo3/cms-core@8.7.27","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/58254?format=json","purl":"pkg:composer/typo3/cms-core@9.5.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8"}],"aliases":["GMS-2019-165"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8ze-umec-a7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40499?format=json","vulnerability_id":"VCID-e9jc-8mpp-fkgh","summary":"Security Misconfiguration in Install Tool Cookie.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-009/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-009/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-88"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9jc-8mpp-fkgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54233?format=json","vulnerability_id":"VCID-ev4k-5k1d-2bhu","summary":"URL Redirection to Untrusted Site (Open Redirect)\nLogin Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21338","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48774","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21338"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml"},{"reference_url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp"},{"reference_url":"https://packagist.org/packages/typo3/cms-core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/typo3/cms-core"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2021-001","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2021-001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21338","reference_id":"CVE-2021-21338","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21338"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58469?format=json","purl":"pkg:composer/typo3/cms-core@8.7.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-uq77-aax5-k7d8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40"},{"url":"http://public2.vulnerablecode.io/api/packages/80039?format=json","purl":"pkg:composer/typo3/cms-core@9.5.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25"},{"url":"http://public2.vulnerablecode.io/api/packages/80040?format=json","purl":"pkg:composer/typo3/cms-core@10.4.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/80041?format=json","purl":"pkg:composer/typo3/cms-core@11.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1"}],"aliases":["CVE-2021-21338","GHSA-4jhw-2p6j-5wmp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ev4k-5k1d-2bhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54220?format=json","vulnerability_id":"VCID-fqkx-v8t5-q3h6","summary":"Cleartext Storage of Sensitive Information\nUser session identifiers are stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - for example SQL injection in any other component of the system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21339","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32224","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21339"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml"},{"reference_url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch"},{"reference_url":"https://packagist.org/packages/typo3/cms-core","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/typo3/cms-core"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2021-006","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2021-006"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21339","reference_id":"CVE-2021-21339","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21339"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58469?format=json","purl":"pkg:composer/typo3/cms-core@8.7.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-uq77-aax5-k7d8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40"},{"url":"http://public2.vulnerablecode.io/api/packages/80039?format=json","purl":"pkg:composer/typo3/cms-core@9.5.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25"},{"url":"http://public2.vulnerablecode.io/api/packages/80040?format=json","purl":"pkg:composer/typo3/cms-core@10.4.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/80041?format=json","purl":"pkg:composer/typo3/cms-core@11.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1"}],"aliases":["CVE-2021-21339","GHSA-qx3w-4864-94ch"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkx-v8t5-q3h6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40081?format=json","vulnerability_id":"VCID-hfcx-1kuh-p3ez","summary":"Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-002/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56075?format=json","purl":"pkg:composer/typo3/cms-core@8.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-b92x-56ng-3ygy"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/56076?format=json","purl":"pkg:composer/typo3/cms-core@9.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2"}],"aliases":["GMS-2018-82"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfcx-1kuh-p3ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40957?format=json","vulnerability_id":"VCID-hnyk-614g-yuhy","summary":"Security Misconfiguration in User Session Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-011/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57971?format=json","purl":"pkg:composer/typo3/cms-core@8.7.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-cbmm-1b2k-8qaz"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.25"},{"url":"http://public2.vulnerablecode.io/api/packages/57972?format=json","purl":"pkg:composer/typo3/cms-core@9.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cbmm-1b2k-8qaz"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.6"}],"aliases":["GMS-2019-161"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hnyk-614g-yuhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54221?format=json","vulnerability_id":"VCID-jp1p-rfxa-hyd9","summary":"Cross-site Scripting\nContent elements of type `_menu_` are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21370","reference_id":"","reference_type":"","scores":[{"value":"0.00342","scoring_system":"epss","scoring_elements":"0.57112","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-21370"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml"},{"reference_url":"https://packagist.org/packages/typo3/cms-backend","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/typo3/cms-backend"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2021-008","reference_id":"","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2021-008"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21370","reference_id":"CVE-2021-21370","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-21370"},{"reference_url":"https://github.com/advisories/GHSA-x7hc-x7fm-f7qh","reference_id":"GHSA-x7hc-x7fm-f7qh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x7hc-x7fm-f7qh"},{"reference_url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh","reference_id":"GHSA-x7hc-x7fm-f7qh","reference_type":"","scores":[{"value":"5.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58469?format=json","purl":"pkg:composer/typo3/cms-core@8.7.40","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-uq77-aax5-k7d8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.40"},{"url":"http://public2.vulnerablecode.io/api/packages/80039?format=json","purl":"pkg:composer/typo3/cms-core@9.5.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.25"},{"url":"http://public2.vulnerablecode.io/api/packages/80040?format=json","purl":"pkg:composer/typo3/cms-core@10.4.14","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.14"},{"url":"http://public2.vulnerablecode.io/api/packages/80041?format=json","purl":"pkg:composer/typo3/cms-core@11.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.1.1"}],"aliases":["CVE-2021-21370","GHSA-x7hc-x7fm-f7qh"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jp1p-rfxa-hyd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40630?format=json","vulnerability_id":"VCID-k8r2-2ak8-qkak","summary":"Cross-site Scripting\nCross-Site Scripting in Form Framework.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-157"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8r2-2ak8-qkak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40628?format=json","vulnerability_id":"VCID-n56h-zuzr-ruhf","summary":"Cross-site Scripting\nCross-Site Scripting in Fluid `ViewHelpers`.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-005/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-155"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n56h-zuzr-ruhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40498?format=json","vulnerability_id":"VCID-nyw8-q5ef-2fcv","summary":"Uncontrolled Resource Consumption\nDenial of Service in Online Media Asset Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-011/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-90"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyw8-q5ef-2fcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40502?format=json","vulnerability_id":"VCID-pwh8-c992-vqav","summary":"Cross-site Scripting\nCross-Site Scripting in CKEditor.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-92"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwh8-c992-vqav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40965?format=json","vulnerability_id":"VCID-qr1u-kcn9-cuf6","summary":"Cross-site Scripting\nCross-Site Scripting in Fluid Engine.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-013/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-013/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57971?format=json","purl":"pkg:composer/typo3/cms-core@8.7.25","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-cbmm-1b2k-8qaz"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.25"},{"url":"http://public2.vulnerablecode.io/api/packages/57972?format=json","purl":"pkg:composer/typo3/cms-core@9.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cbmm-1b2k-8qaz"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.6"}],"aliases":["GMS-2019-160"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qr1u-kcn9-cuf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40440?format=json","vulnerability_id":"VCID-qxab-9uwr-yqhv","summary":"Cross-site Scripting\nCKEditor allows user-assisted XSS involving a source-mode paste.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17960","reference_id":"","reference_type":"","scores":[{"value":"0.02024","scoring_system":"epss","scoring_elements":"0.84092","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17960"},{"reference_url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released"},{"reference_url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/","reference_id":"","reference_type":"","scores":[],"url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/"},{"reference_url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005"},{"reference_url":"https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217","reference_id":"1015217","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015217"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17960","reference_id":"CVE-2018-17960","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17960"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml","reference_id":"CVE-2018-17960.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml","reference_id":"CVE-2018-17960.YAML","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g68x-vvqq-pvw3","reference_id":"GHSA-g68x-vvqq-pvw3","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g68x-vvqq-pvw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["CVE-2018-17960","GHSA-g68x-vvqq-pvw3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxab-9uwr-yqhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/53815?format=json","vulnerability_id":"VCID-tgyt-axv1-c7ag","summary":"Cross-site Scripting\nTYPO3 is an open source PHP based web content management system. In TYPO3 the system extension Fluid (typo3/cms-fluid) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. Update to TYPO3 that fix the problem described.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26227","reference_id":"","reference_type":"","scores":[{"value":"0.00359","scoring_system":"epss","scoring_elements":"0.5838","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26227"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2020-26227.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2020-26227.yaml"},{"reference_url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-vqqx-jw6p-q3rf"},{"reference_url":"https://packagist.org/packages/typo3/cms-core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://packagist.org/packages/typo3/cms-core"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2020-010","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2020-010"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26227","reference_id":"CVE-2020-26227","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26227"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/140217?format=json","purl":"pkg:composer/typo3/cms-core@8.7.38","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.38"},{"url":"http://public2.vulnerablecode.io/api/packages/79202?format=json","purl":"pkg:composer/typo3/cms-core@9.5.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.23"},{"url":"http://public2.vulnerablecode.io/api/packages/79195?format=json","purl":"pkg:composer/typo3/cms-core@10.4.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6urp-p9mn-cffv"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-c46m-ht19-ybc4"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.10"}],"aliases":["CVE-2020-26227","GHSA-vqqx-jw6p-q3rf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tgyt-axv1-c7ag"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40493?format=json","vulnerability_id":"VCID-uaf3-fyst-u7gm","summary":"Cross-site Scripting\nCross-Site Scripting in Backend Modal Component.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-86"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uaf3-fyst-u7gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40510?format=json","vulnerability_id":"VCID-uncp-sa58-ufdd","summary":"Cross-site Scripting\nCross-Site Scripting in Online Media Asset Rendering.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-006/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-85"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uncp-sa58-ufdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40626?format=json","vulnerability_id":"VCID-wm4a-hcvt-vkbk","summary":"Information Disclosure of Installed Extensions.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-001/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-152"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wm4a-hcvt-vkbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40506?format=json","vulnerability_id":"VCID-z2bk-m2kw-h3c9","summary":"Cross-site Scripting\nCross-Site Scripting in Frontend User Login.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-008/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-008/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-87"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2bk-m2kw-h3c9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40083?format=json","vulnerability_id":"VCID-zbm9-cx69-wqg3","summary":"Insecure Deserialization in TYPO3 CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-004/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-004/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56075?format=json","purl":"pkg:composer/typo3/cms-core@8.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-b92x-56ng-3ygy"},{"vulnerability":"VCID-cg7w-xkyg-abgj"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/56076?format=json","purl":"pkg:composer/typo3/cms-core@9.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ffs-9vj5-27hk"},{"vulnerability":"VCID-1knh-es99-dubw"},{"vulnerability":"VCID-1prg-c74k-37ec"},{"vulnerability":"VCID-1sfk-z8py-ykb8"},{"vulnerability":"VCID-23ss-xwrm-1qcu"},{"vulnerability":"VCID-4an7-9ph4-mkd4"},{"vulnerability":"VCID-6ffw-r4k7-5qf8"},{"vulnerability":"VCID-6mnf-2fcw-dqgp"},{"vulnerability":"VCID-6q7t-kdrg-8qc3"},{"vulnerability":"VCID-6rgp-dzw1-kycx"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-82ds-xda8-5ye4"},{"vulnerability":"VCID-848u-w88s-5bbe"},{"vulnerability":"VCID-8sek-v483-8ueu"},{"vulnerability":"VCID-8w4e-d49b-nbg8"},{"vulnerability":"VCID-bbh5-rss8-bfct"},{"vulnerability":"VCID-cv9x-ea8e-pufu"},{"vulnerability":"VCID-daz8-j1ns-rkgt"},{"vulnerability":"VCID-e6zr-4bgg-kkh5"},{"vulnerability":"VCID-e8ze-umec-a7hx"},{"vulnerability":"VCID-e9jc-8mpp-fkgh"},{"vulnerability":"VCID-efrn-3w2z-xyaf"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-hnyk-614g-yuhy"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-k8r2-2ak8-qkak"},{"vulnerability":"VCID-n1gz-y615-cbbk"},{"vulnerability":"VCID-n56h-zuzr-ruhf"},{"vulnerability":"VCID-nyw8-q5ef-2fcv"},{"vulnerability":"VCID-pwh8-c992-vqav"},{"vulnerability":"VCID-qr1u-kcn9-cuf6"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-uaf3-fyst-u7gm"},{"vulnerability":"VCID-uncp-sa58-ufdd"},{"vulnerability":"VCID-v7b1-x8hy-2kcg"},{"vulnerability":"VCID-wm4a-hcvt-vkbk"},{"vulnerability":"VCID-x5jb-yj3d-qbdf"},{"vulnerability":"VCID-z2bk-m2kw-h3c9"},{"vulnerability":"VCID-zeut-9wfp-q7et"},{"vulnerability":"VCID-zhcb-h8ph-7uhk"},{"vulnerability":"VCID-zkvq-bms4-gfcv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2"}],"aliases":["GMS-2018-84"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbm9-cx69-wqg3"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.11"}