{"url":"http://public2.vulnerablecode.io/api/packages/23811?format=json","purl":"pkg:composer/typo3/cms-core@7.1.0","type":"composer","namespace":"typo3","name":"cms-core","version":"7.1.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"12.4.41","latest_non_vulnerable_version":"14.0.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19720?format=json","vulnerability_id":"VCID-5z59-dn7p-xbc5","summary":"TYPO3 Cross-Site Scripting in Backend Modal Component\nFailing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-2.yaml"},{"reference_url":"https://github.com/TYPO3-CMS/core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3-CMS/core"},{"reference_url":"https://github.com/TYPO3-CMS/core/commit/3c1deac4db61ac1ac4231799beb1f49c28eb2b4d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3-CMS/core/commit/3c1deac4db61ac1ac4231799beb1f49c28eb2b4d"},{"reference_url":"https://github.com/TYPO3-CMS/core/commit/983ecc4ea3a841aca7ff2bb1d2f0e0318c3646b3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3-CMS/core/commit/983ecc4ea3a841aca7ff2bb1d2f0e0318c3646b3"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-007","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-007"},{"reference_url":"https://github.com/advisories/GHSA-g4c9-qfvw-fmr4","reference_id":"GHSA-g4c9-qfvw-fmr4","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4c9-qfvw-fmr4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33598?format=json","purl":"pkg:composer/typo3/cms-core@7.6.32","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32"},{"url":"http://public2.vulnerablecode.io/api/packages/33468?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21e8-x7mp-hugk"},{"vulnerability":"VCID-2meq-x4kd-bbdn"},{"vulnerability":"VCID-3n2r-awja-dug9"},{"vulnerability":"VCID-3v4n-fzxa-bfaw"},{"vulnerability":"VCID-4jpa-6fqh-hbfg"},{"vulnerability":"VCID-551q-gpyd-ffe8"},{"vulnerability":"VCID-5jgb-dsyx-hyb4"},{"vulnerability":"VCID-5mxm-88r9-hfey"},{"vulnerability":"VCID-5paq-5frf-43ed"},{"vulnerability":"VCID-5u4q-m66t-wqcj"},{"vulnerability":"VCID-9g62-zd1x-3bdg"},{"vulnerability":"VCID-9gpp-ez8w-rqav"},{"vulnerability":"VCID-9x6r-56xm-n7h7"},{"vulnerability":"VCID-9zqs-hjay-fkev"},{"vulnerability":"VCID-axaf-45kr-kbfe"},{"vulnerability":"VCID-axvk-13qf-tka7"},{"vulnerability":"VCID-b6er-h7dm-3bev"},{"vulnerability":"VCID-bajy-qbwq-fufn"},{"vulnerability":"VCID-cm14-t8uv-k3es"},{"vulnerability":"VCID-d99v-v9cj-zfh2"},{"vulnerability":"VCID-dj88-f3p8-cfbn"},{"vulnerability":"VCID-dsu7-jjjq-f3e1"},{"vulnerability":"VCID-eajg-ctpd-2bby"},{"vulnerability":"VCID-ekfd-wp8z-d7e1"},{"vulnerability":"VCID-f4bv-pzdy-dfcb"},{"vulnerability":"VCID-f963-qur3-2qb7"},{"vulnerability":"VCID-g4uc-qeb6-myed"},{"vulnerability":"VCID-gcnj-6qb6-pbgz"},{"vulnerability":"VCID-gv1b-xtv4-4yg3"},{"vulnerability":"VCID-h6y3-7gsq-skh2"},{"vulnerability":"VCID-he5m-6wj4-rbhc"},{"vulnerability":"VCID-hhmn-yz5p-xkap"},{"vulnerability":"VCID-j77k-hjgx-5kc5"},{"vulnerability":"VCID-k8af-cg9k-87a9"},{"vulnerability":"VCID-mh4f-vtfj-hbb1"},{"vulnerability":"VCID-mnz3-rj21-67ad"},{"vulnerability":"VCID-n15v-ta9h-6ffb"},{"vulnerability":"VCID-n7ng-zkkb-2qaz"},{"vulnerability":"VCID-pmzz-9rws-4ud5"},{"vulnerability":"VCID-pss5-as4b-cyf2"},{"vulnerability":"VCID-px44-19tj-h7aa"},{"vulnerability":"VCID-q8hy-wjd9-nbgp"},{"vulnerability":"VCID-s53a-f91p-huf4"},{"vulnerability":"VCID-s55j-8hbt-akhn"},{"vulnerability":"VCID-s64f-x81f-b7ce"},{"vulnerability":"VCID-stzu-sxe6-5yf5"},{"vulnerability":"VCID-swnc-ke6h-ekew"},{"vulnerability":"VCID-t1n7-eswt-73gw"},{"vulnerability":"VCID-t3jn-vwbx-u7cr"},{"vulnerability":"VCID-taj6-zj2n-5kg8"},{"vulnerability":"VCID-tnjd-pyys-akav"},{"vulnerability":"VCID-vxry-uvph-kbfd"},{"vulnerability":"VCID-vyvy-y3cw-hbgr"},{"vulnerability":"VCID-wea9-egep-h7g5"},{"vulnerability":"VCID-xa4m-xpa9-v7h8"},{"vulnerability":"VCID-xh7y-56vy-5ud8"},{"vulnerability":"VCID-y32z-2d3f-gkgw"},{"vulnerability":"VCID-zdq2-dhb2-6kaq"},{"vulnerability":"VCID-zkea-ge1t-z7gn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/33470?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21e8-x7mp-hugk"},{"vulnerability":"VCID-2meq-x4kd-bbdn"},{"vulnerability":"VCID-2mn6-mdmz-4yd9"},{"vulnerability":"VCID-3n2r-awja-dug9"},{"vulnerability":"VCID-3v4n-fzxa-bfaw"},{"vulnerability":"VCID-461j-9hrc-gfbc"},{"vulnerability":"VCID-4jpa-6fqh-hbfg"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4t9s-p25a-cfas"},{"vulnerability":"VCID-543x-cnbz-1kb9"},{"vulnerability":"VCID-551q-gpyd-ffe8"},{"vulnerability":"VCID-58js-jzm4-4fc7"},{"vulnerability":"VCID-5jgb-dsyx-hyb4"},{"vulnerability":"VCID-5kzs-ex81-bbaj"},{"vulnerability":"VCID-5paq-5frf-43ed"},{"vulnerability":"VCID-5u4q-m66t-wqcj"},{"vulnerability":"VCID-65ue-7jd9-23gf"},{"vulnerability":"VCID-6a9t-8dmn-s3bv"},{"vulnerability":"VCID-8d2m-1ffv-jqe1"},{"vulnerability":"VCID-9g62-zd1x-3bdg"},{"vulnerability":"VCID-9gpp-ez8w-rqav"},{"vulnerability":"VCID-9x6r-56xm-n7h7"},{"vulnerability":"VCID-9zqs-hjay-fkev"},{"vulnerability":"VCID-a49c-fqrj-nbb3"},{"vulnerability":"VCID-axaf-45kr-kbfe"},{"vulnerability":"VCID-axvk-13qf-tka7"},{"vulnerability":"VCID-b6er-h7dm-3bev"},{"vulnerability":"VCID-bajy-qbwq-fufn"},{"vulnerability":"VCID-cm14-t8uv-k3es"},{"vulnerability":"VCID-d8d1-sat6-muhe"},{"vulnerability":"VCID-d99v-v9cj-zfh2"},{"vulnerability":"VCID-dj88-f3p8-cfbn"},{"vulnerability":"VCID-dmzb-gkdn-6bcm"},{"vulnerability":"VCID-dsu7-jjjq-f3e1"},{"vulnerability":"VCID-e32h-8q61-hbgc"},{"vulnerability":"VCID-eajg-ctpd-2bby"},{"vulnerability":"VCID-ekfd-wp8z-d7e1"},{"vulnerability":"VCID-f4bv-pzdy-dfcb"},{"vulnerability":"VCID-f963-qur3-2qb7"},{"vulnerability":"VCID-g4uc-qeb6-myed"},{"vulnerability":"VCID-gcnj-6qb6-pbgz"},{"vulnerability":"VCID-gv1b-xtv4-4yg3"},{"vulnerability":"VCID-h6y3-7gsq-skh2"},{"vulnerability":"VCID-he5m-6wj4-rbhc"},{"vulnerability":"VCID-hhmn-yz5p-xkap"},{"vulnerability":"VCID-k8af-cg9k-87a9"},{"vulnerability":"VCID-kj9x-psfz-2ug1"},{"vulnerability":"VCID-mh4f-vtfj-hbb1"},{"vulnerability":"VCID-mnz3-rj21-67ad"},{"vulnerability":"VCID-mud2-s4rc-fuf6"},{"vulnerability":"VCID-n15v-ta9h-6ffb"},{"vulnerability":"VCID-n7ng-zkkb-2qaz"},{"vulnerability":"VCID-nubu-f1sc-gbes"},{"vulnerability":"VCID-nxq4-m52q-yuh4"},{"vulnerability":"VCID-p715-yexd-jfgc"},{"vulnerability":"VCID-phgh-sd4m-zbdx"},{"vulnerability":"VCID-pmzz-9rws-4ud5"},{"vulnerability":"VCID-pss5-as4b-cyf2"},{"vulnerability":"VCID-px44-19tj-h7aa"},{"vulnerability":"VCID-q8hy-wjd9-nbgp"},{"vulnerability":"VCID-raxk-rm9v-hubn"},{"vulnerability":"VCID-remd-55jh-r3g5"},{"vulnerability":"VCID-s53a-f91p-huf4"},{"vulnerability":"VCID-s55j-8hbt-akhn"},{"vulnerability":"VCID-s64f-x81f-b7ce"},{"vulnerability":"VCID-stzu-sxe6-5yf5"},{"vulnerability":"VCID-sw7v-fbjk-13hy"},{"vulnerability":"VCID-swnc-ke6h-ekew"},{"vulnerability":"VCID-t1n7-eswt-73gw"},{"vulnerability":"VCID-t3jn-vwbx-u7cr"},{"vulnerability":"VCID-taj6-zj2n-5kg8"},{"vulnerability":"VCID-tnjd-pyys-akav"},{"vulnerability":"VCID-u9bx-8e86-wbew"},{"vulnerability":"VCID-ve7g-8st5-wffb"},{"vulnerability":"VCID-vxry-uvph-kbfd"},{"vulnerability":"VCID-vyvy-y3cw-hbgr"},{"vulnerability":"VCID-w13x-3rp9-wyej"},{"vulnerability":"VCID-wea9-egep-h7g5"},{"vulnerability":"VCID-xa4m-xpa9-v7h8"},{"vulnerability":"VCID-xh7y-56vy-5ud8"},{"vulnerability":"VCID-xtdg-uj46-rkcm"},{"vulnerability":"VCID-xy6y-312d-rygj"},{"vulnerability":"VCID-y32z-2d3f-gkgw"},{"vulnerability":"VCID-yzx1-4psv-7bhr"},{"vulnerability":"VCID-zdq2-dhb2-6kaq"},{"vulnerability":"VCID-zkea-ge1t-z7gn"},{"vulnerability":"VCID-zn99-ywte-33g6"},{"vulnerability":"VCID-zwgt-rm1f-6bf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GHSA-g4c9-qfvw-fmr4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5z59-dn7p-xbc5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7789?format=json","vulnerability_id":"VCID-ampc-h88c-afh2","summary":"Information Exposure\nExtbase in TYPO3 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5091","reference_id":"","reference_type":"","scores":[{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.85119","published_at":"2026-05-15T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84998","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.85005","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.85004","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.8502","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.85045","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.85064","published_at":"2026-05-09T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.85061","published_at":"2026-05-11T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.85077","published_at":"2026-05-12T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.8511","published_at":"2026-05-14T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84876","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84891","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84909","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84913","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84936","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84943","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84959","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84957","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84952","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84974","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84975","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02369","scoring_system":"epss","scoring_elements":"0.84972","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5091"},{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013"},{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/05/25/4","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/05/25/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/05/26/2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2016/05/26/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5091","reference_id":"CVE-2016-5091","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5091"},{"reference_url":"https://github.com/advisories/GHSA-jxg5-35fj-ccwf","reference_id":"GHSA-jxg5-35fj-ccwf","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jxg5-35fj-ccwf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/23818?format=json","purl":"pkg:composer/typo3/cms-core@7.6.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.9"},{"url":"http://public2.vulnerablecode.io/api/packages/23819?format=json","purl":"pkg:composer/typo3/cms-core@8.1.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.1.2"}],"aliases":["CVE-2016-5091","GHSA-jxg5-35fj-ccwf"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ampc-h88c-afh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57345?format=json","vulnerability_id":"VCID-re9h-ze98-rbhu","summary":"Typo3 Cross-Site Scripting in Flash component (ELTS)\nTYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8091","reference_id":"","reference_type":"","scores":[{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95626","published_at":"2026-05-15T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95557","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95559","published_at":"2026-04-13T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95567","published_at":"2026-04-16T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95573","published_at":"2026-04-21T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95574","published_at":"2026-04-24T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95576","published_at":"2026-04-26T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95575","published_at":"2026-04-29T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95591","published_at":"2026-05-05T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95594","published_at":"2026-05-07T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95601","published_at":"2026-05-09T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95607","published_at":"2026-05-11T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95611","published_at":"2026-05-12T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95625","published_at":"2026-05-14T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95524","published_at":"2026-04-01T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95532","published_at":"2026-04-02T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95538","published_at":"2026-04-04T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95542","published_at":"2026-04-07T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95549","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95552","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20517","scoring_system":"epss","scoring_elements":"0.95556","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8091"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst"},{"reference_url":"https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8091","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8091"},{"reference_url":"https://typo3.org/security/advisory/typo3-psa-2019-003","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-psa-2019-003"},{"reference_url":"https://typo3.org/security/advisory/typo3-psa-2019-003/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-psa-2019-003/"},{"reference_url":"https://www.purplemet.com/blog/typo3-xss-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.purplemet.com/blog/typo3-xss-vulnerability"},{"reference_url":"https://github.com/advisories/GHSA-qvhv-pwww-53jj","reference_id":"GHSA-qvhv-pwww-53jj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qvhv-pwww-53jj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/174689?format=json","purl":"pkg:composer/typo3/cms-core@8.7.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12y5-7b81-wkfu"},{"vulnerability":"VCID-21e8-x7mp-hugk"},{"vulnerability":"VCID-28bf-jvah-zkhw"},{"vulnerability":"VCID-2meq-x4kd-bbdn"},{"vulnerability":"VCID-3gg5-1921-rbfs"},{"vulnerability":"VCID-3n2r-awja-dug9"},{"vulnerability":"VCID-3v4n-fzxa-bfaw"},{"vulnerability":"VCID-4btk-jt5n-2ugf"},{"vulnerability":"VCID-4jpa-6fqh-hbfg"},{"vulnerability":"VCID-551q-gpyd-ffe8"},{"vulnerability":"VCID-5jgb-dsyx-hyb4"},{"vulnerability":"VCID-5mxm-88r9-hfey"},{"vulnerability":"VCID-5paq-5frf-43ed"},{"vulnerability":"VCID-5u4q-m66t-wqcj"},{"vulnerability":"VCID-5z59-dn7p-xbc5"},{"vulnerability":"VCID-6xmj-wbea-r7ex"},{"vulnerability":"VCID-9g62-zd1x-3bdg"},{"vulnerability":"VCID-9gpp-ez8w-rqav"},{"vulnerability":"VCID-9jj4-ec9n-qbhs"},{"vulnerability":"VCID-9x6r-56xm-n7h7"},{"vulnerability":"VCID-9zqs-hjay-fkev"},{"vulnerability":"VCID-a563-vtwa-hkbr"},{"vulnerability":"VCID-axaf-45kr-kbfe"},{"vulnerability":"VCID-axvk-13qf-tka7"},{"vulnerability":"VCID-ayw6-8pn4-17eb"},{"vulnerability":"VCID-b6er-h7dm-3bev"},{"vulnerability":"VCID-b81w-n2ne-z3ee"},{"vulnerability":"VCID-bajy-qbwq-fufn"},{"vulnerability":"VCID-bnne-7p2q-eqd2"},{"vulnerability":"VCID-cm14-t8uv-k3es"},{"vulnerability":"VCID-d99v-v9cj-zfh2"},{"vulnerability":"VCID-dj88-f3p8-cfbn"},{"vulnerability":"VCID-dm97-51uu-r7gw"},{"vulnerability":"VCID-dsu7-jjjq-f3e1"},{"vulnerability":"VCID-e268-wagv-sbex"},{"vulnerability":"VCID-eajg-ctpd-2bby"},{"vulnerability":"VCID-ebpa-58em-wqam"},{"vulnerability":"VCID-ehzg-bzrd-kbcc"},{"vulnerability":"VCID-ekfd-wp8z-d7e1"},{"vulnerability":"VCID-f4bv-pzdy-dfcb"},{"vulnerability":"VCID-f963-qur3-2qb7"},{"vulnerability":"VCID-g4uc-qeb6-myed"},{"vulnerability":"VCID-gcnj-6qb6-pbgz"},{"vulnerability":"VCID-gv1b-xtv4-4yg3"},{"vulnerability":"VCID-h6y3-7gsq-skh2"},{"vulnerability":"VCID-he5m-6wj4-rbhc"},{"vulnerability":"VCID-hhmn-yz5p-xkap"},{"vulnerability":"VCID-j77k-hjgx-5kc5"},{"vulnerability":"VCID-k8af-cg9k-87a9"},{"vulnerability":"VCID-mh4f-vtfj-hbb1"},{"vulnerability":"VCID-mnz3-rj21-67ad"},{"vulnerability":"VCID-n15v-ta9h-6ffb"},{"vulnerability":"VCID-n1cb-8py6-bbhu"},{"vulnerability":"VCID-n78p-x7hh-gqcf"},{"vulnerability":"VCID-n7ng-zkkb-2qaz"},{"vulnerability":"VCID-pmzz-9rws-4ud5"},{"vulnerability":"VCID-pss5-as4b-cyf2"},{"vulnerability":"VCID-px44-19tj-h7aa"},{"vulnerability":"VCID-q8hy-wjd9-nbgp"},{"vulnerability":"VCID-qb4j-9tz7-m7a2"},{"vulnerability":"VCID-rdrs-mhaw-b3ge"},{"vulnerability":"VCID-rwqs-3ktq-qqbd"},{"vulnerability":"VCID-s53a-f91p-huf4"},{"vulnerability":"VCID-s55j-8hbt-akhn"},{"vulnerability":"VCID-s64f-x81f-b7ce"},{"vulnerability":"VCID-sr3p-pdxy-4yhu"},{"vulnerability":"VCID-stzu-sxe6-5yf5"},{"vulnerability":"VCID-swnc-ke6h-ekew"},{"vulnerability":"VCID-t1n7-eswt-73gw"},{"vulnerability":"VCID-t3jn-vwbx-u7cr"},{"vulnerability":"VCID-taj6-zj2n-5kg8"},{"vulnerability":"VCID-tnjd-pyys-akav"},{"vulnerability":"VCID-tw1y-t4qj-j3d1"},{"vulnerability":"VCID-vxry-uvph-kbfd"},{"vulnerability":"VCID-vyvy-y3cw-hbgr"},{"vulnerability":"VCID-wea9-egep-h7g5"},{"vulnerability":"VCID-wkm6-cgc8-bfa8"},{"vulnerability":"VCID-xa4m-xpa9-v7h8"},{"vulnerability":"VCID-xh7y-56vy-5ud8"},{"vulnerability":"VCID-y32z-2d3f-gkgw"},{"vulnerability":"VCID-zdq2-dhb2-6kaq"},{"vulnerability":"VCID-zkea-ge1t-z7gn"},{"vulnerability":"VCID-zspb-bd6j-wyd2"},{"vulnerability":"VCID-zw9b-6vkf-3fc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.7"}],"aliases":["CVE-2020-8091","GHSA-qvhv-pwww-53jj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-re9h-ze98-rbhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/19758?format=json","vulnerability_id":"VCID-rwqs-3ktq-qqbd","summary":"TYPO3 Cross-Site Scripting in Frontend User Login\nFailing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile.\n\nTemplate patterns that are affected are\n\n- ###FEUSER_[fieldName]### using system extension felogin\n- <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken)","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-3.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/2018-12-11-3.yaml"},{"reference_url":"https://github.com/TYPO3-CMS/core","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3-CMS/core"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-008","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-008"},{"reference_url":"https://github.com/advisories/GHSA-8c25-vj2w-p72j","reference_id":"GHSA-8c25-vj2w-p72j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8c25-vj2w-p72j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/33598?format=json","purl":"pkg:composer/typo3/cms-core@7.6.32","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.6.32"},{"url":"http://public2.vulnerablecode.io/api/packages/33468?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21e8-x7mp-hugk"},{"vulnerability":"VCID-2meq-x4kd-bbdn"},{"vulnerability":"VCID-3n2r-awja-dug9"},{"vulnerability":"VCID-3v4n-fzxa-bfaw"},{"vulnerability":"VCID-4jpa-6fqh-hbfg"},{"vulnerability":"VCID-551q-gpyd-ffe8"},{"vulnerability":"VCID-5jgb-dsyx-hyb4"},{"vulnerability":"VCID-5mxm-88r9-hfey"},{"vulnerability":"VCID-5paq-5frf-43ed"},{"vulnerability":"VCID-5u4q-m66t-wqcj"},{"vulnerability":"VCID-9g62-zd1x-3bdg"},{"vulnerability":"VCID-9gpp-ez8w-rqav"},{"vulnerability":"VCID-9x6r-56xm-n7h7"},{"vulnerability":"VCID-9zqs-hjay-fkev"},{"vulnerability":"VCID-axaf-45kr-kbfe"},{"vulnerability":"VCID-axvk-13qf-tka7"},{"vulnerability":"VCID-b6er-h7dm-3bev"},{"vulnerability":"VCID-bajy-qbwq-fufn"},{"vulnerability":"VCID-cm14-t8uv-k3es"},{"vulnerability":"VCID-d99v-v9cj-zfh2"},{"vulnerability":"VCID-dj88-f3p8-cfbn"},{"vulnerability":"VCID-dsu7-jjjq-f3e1"},{"vulnerability":"VCID-eajg-ctpd-2bby"},{"vulnerability":"VCID-ekfd-wp8z-d7e1"},{"vulnerability":"VCID-f4bv-pzdy-dfcb"},{"vulnerability":"VCID-f963-qur3-2qb7"},{"vulnerability":"VCID-g4uc-qeb6-myed"},{"vulnerability":"VCID-gcnj-6qb6-pbgz"},{"vulnerability":"VCID-gv1b-xtv4-4yg3"},{"vulnerability":"VCID-h6y3-7gsq-skh2"},{"vulnerability":"VCID-he5m-6wj4-rbhc"},{"vulnerability":"VCID-hhmn-yz5p-xkap"},{"vulnerability":"VCID-j77k-hjgx-5kc5"},{"vulnerability":"VCID-k8af-cg9k-87a9"},{"vulnerability":"VCID-mh4f-vtfj-hbb1"},{"vulnerability":"VCID-mnz3-rj21-67ad"},{"vulnerability":"VCID-n15v-ta9h-6ffb"},{"vulnerability":"VCID-n7ng-zkkb-2qaz"},{"vulnerability":"VCID-pmzz-9rws-4ud5"},{"vulnerability":"VCID-pss5-as4b-cyf2"},{"vulnerability":"VCID-px44-19tj-h7aa"},{"vulnerability":"VCID-q8hy-wjd9-nbgp"},{"vulnerability":"VCID-s53a-f91p-huf4"},{"vulnerability":"VCID-s55j-8hbt-akhn"},{"vulnerability":"VCID-s64f-x81f-b7ce"},{"vulnerability":"VCID-stzu-sxe6-5yf5"},{"vulnerability":"VCID-swnc-ke6h-ekew"},{"vulnerability":"VCID-t1n7-eswt-73gw"},{"vulnerability":"VCID-t3jn-vwbx-u7cr"},{"vulnerability":"VCID-taj6-zj2n-5kg8"},{"vulnerability":"VCID-tnjd-pyys-akav"},{"vulnerability":"VCID-vxry-uvph-kbfd"},{"vulnerability":"VCID-vyvy-y3cw-hbgr"},{"vulnerability":"VCID-wea9-egep-h7g5"},{"vulnerability":"VCID-xa4m-xpa9-v7h8"},{"vulnerability":"VCID-xh7y-56vy-5ud8"},{"vulnerability":"VCID-y32z-2d3f-gkgw"},{"vulnerability":"VCID-zdq2-dhb2-6kaq"},{"vulnerability":"VCID-zkea-ge1t-z7gn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/33470?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-21e8-x7mp-hugk"},{"vulnerability":"VCID-2meq-x4kd-bbdn"},{"vulnerability":"VCID-2mn6-mdmz-4yd9"},{"vulnerability":"VCID-3n2r-awja-dug9"},{"vulnerability":"VCID-3v4n-fzxa-bfaw"},{"vulnerability":"VCID-461j-9hrc-gfbc"},{"vulnerability":"VCID-4jpa-6fqh-hbfg"},{"vulnerability":"VCID-4mkw-tv16-jyca"},{"vulnerability":"VCID-4t9s-p25a-cfas"},{"vulnerability":"VCID-543x-cnbz-1kb9"},{"vulnerability":"VCID-551q-gpyd-ffe8"},{"vulnerability":"VCID-58js-jzm4-4fc7"},{"vulnerability":"VCID-5jgb-dsyx-hyb4"},{"vulnerability":"VCID-5kzs-ex81-bbaj"},{"vulnerability":"VCID-5paq-5frf-43ed"},{"vulnerability":"VCID-5u4q-m66t-wqcj"},{"vulnerability":"VCID-65ue-7jd9-23gf"},{"vulnerability":"VCID-6a9t-8dmn-s3bv"},{"vulnerability":"VCID-8d2m-1ffv-jqe1"},{"vulnerability":"VCID-9g62-zd1x-3bdg"},{"vulnerability":"VCID-9gpp-ez8w-rqav"},{"vulnerability":"VCID-9x6r-56xm-n7h7"},{"vulnerability":"VCID-9zqs-hjay-fkev"},{"vulnerability":"VCID-a49c-fqrj-nbb3"},{"vulnerability":"VCID-axaf-45kr-kbfe"},{"vulnerability":"VCID-axvk-13qf-tka7"},{"vulnerability":"VCID-b6er-h7dm-3bev"},{"vulnerability":"VCID-bajy-qbwq-fufn"},{"vulnerability":"VCID-cm14-t8uv-k3es"},{"vulnerability":"VCID-d8d1-sat6-muhe"},{"vulnerability":"VCID-d99v-v9cj-zfh2"},{"vulnerability":"VCID-dj88-f3p8-cfbn"},{"vulnerability":"VCID-dmzb-gkdn-6bcm"},{"vulnerability":"VCID-dsu7-jjjq-f3e1"},{"vulnerability":"VCID-e32h-8q61-hbgc"},{"vulnerability":"VCID-eajg-ctpd-2bby"},{"vulnerability":"VCID-ekfd-wp8z-d7e1"},{"vulnerability":"VCID-f4bv-pzdy-dfcb"},{"vulnerability":"VCID-f963-qur3-2qb7"},{"vulnerability":"VCID-g4uc-qeb6-myed"},{"vulnerability":"VCID-gcnj-6qb6-pbgz"},{"vulnerability":"VCID-gv1b-xtv4-4yg3"},{"vulnerability":"VCID-h6y3-7gsq-skh2"},{"vulnerability":"VCID-he5m-6wj4-rbhc"},{"vulnerability":"VCID-hhmn-yz5p-xkap"},{"vulnerability":"VCID-k8af-cg9k-87a9"},{"vulnerability":"VCID-kj9x-psfz-2ug1"},{"vulnerability":"VCID-mh4f-vtfj-hbb1"},{"vulnerability":"VCID-mnz3-rj21-67ad"},{"vulnerability":"VCID-mud2-s4rc-fuf6"},{"vulnerability":"VCID-n15v-ta9h-6ffb"},{"vulnerability":"VCID-n7ng-zkkb-2qaz"},{"vulnerability":"VCID-nubu-f1sc-gbes"},{"vulnerability":"VCID-nxq4-m52q-yuh4"},{"vulnerability":"VCID-p715-yexd-jfgc"},{"vulnerability":"VCID-phgh-sd4m-zbdx"},{"vulnerability":"VCID-pmzz-9rws-4ud5"},{"vulnerability":"VCID-pss5-as4b-cyf2"},{"vulnerability":"VCID-px44-19tj-h7aa"},{"vulnerability":"VCID-q8hy-wjd9-nbgp"},{"vulnerability":"VCID-raxk-rm9v-hubn"},{"vulnerability":"VCID-remd-55jh-r3g5"},{"vulnerability":"VCID-s53a-f91p-huf4"},{"vulnerability":"VCID-s55j-8hbt-akhn"},{"vulnerability":"VCID-s64f-x81f-b7ce"},{"vulnerability":"VCID-stzu-sxe6-5yf5"},{"vulnerability":"VCID-sw7v-fbjk-13hy"},{"vulnerability":"VCID-swnc-ke6h-ekew"},{"vulnerability":"VCID-t1n7-eswt-73gw"},{"vulnerability":"VCID-t3jn-vwbx-u7cr"},{"vulnerability":"VCID-taj6-zj2n-5kg8"},{"vulnerability":"VCID-tnjd-pyys-akav"},{"vulnerability":"VCID-u9bx-8e86-wbew"},{"vulnerability":"VCID-ve7g-8st5-wffb"},{"vulnerability":"VCID-vxry-uvph-kbfd"},{"vulnerability":"VCID-vyvy-y3cw-hbgr"},{"vulnerability":"VCID-w13x-3rp9-wyej"},{"vulnerability":"VCID-wea9-egep-h7g5"},{"vulnerability":"VCID-xa4m-xpa9-v7h8"},{"vulnerability":"VCID-xh7y-56vy-5ud8"},{"vulnerability":"VCID-xtdg-uj46-rkcm"},{"vulnerability":"VCID-xy6y-312d-rygj"},{"vulnerability":"VCID-y32z-2d3f-gkgw"},{"vulnerability":"VCID-yzx1-4psv-7bhr"},{"vulnerability":"VCID-zdq2-dhb2-6kaq"},{"vulnerability":"VCID-zkea-ge1t-z7gn"},{"vulnerability":"VCID-zn99-ywte-33g6"},{"vulnerability":"VCID-zwgt-rm1f-6bf2"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GHSA-8c25-vj2w-p72j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rwqs-3ktq-qqbd"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@7.1.0"}