{"url":"http://public2.vulnerablecode.io/api/packages/50327?format=json","purl":"pkg:composer/typo3/cms@4.2.0","type":"composer","namespace":"typo3","name":"cms","version":"4.2.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.4.35","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57979?format=json","vulnerability_id":"VCID-5arh-exf5-zub1","summary":"TYPO3 SQL Injection vulnerability\nSQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5103","reference_id":"","reference_type":"","scores":[{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71086","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70908","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70962","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70972","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.7097","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70952","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70992","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71028","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70994","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71022","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.71076","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70816","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70831","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70849","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70824","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70868","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70883","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70906","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70891","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70875","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70921","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00652","scoring_system":"epss","scoring_elements":"0.70928","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5103"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64184","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64184"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-5103","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-5103"},{"reference_url":"https://web.archive.org/web/20120123102224/http://www.securityfocus.com/bid/45470","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120123102224/http://www.securityfocus.com/bid/45470"},{"reference_url":"https://web.archive.org/web/20120801235059/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120801235059/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/01/13/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/01/13/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/05/10/7","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/05/10/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/05/11/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/05/11/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/05/12/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/05/12/5"},{"reference_url":"https://github.com/advisories/GHSA-r2w2-2r2x-fpcx","reference_id":"GHSA-r2w2-2r2x-fpcx","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-r2w2-2r2x-fpcx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55298?format=json","purl":"pkg:composer/typo3/cms@4.2.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/55299?format=json","purl":"pkg:composer/typo3/cms@4.3.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/55300?format=json","purl":"pkg:composer/typo3/cms@4.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.4.5"}],"aliases":["CVE-2010-5103","GHSA-r2w2-2r2x-fpcx"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5arh-exf5-zub1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14270?format=json","vulnerability_id":"VCID-69fr-ztbp-z7gg","summary":"Improper Input Validation\nThe Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0258","reference_id":"","reference_type":"","scores":[{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87529","published_at":"2026-05-15T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87432","published_at":"2026-04-26T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87433","published_at":"2026-04-29T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87447","published_at":"2026-05-05T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87461","published_at":"2026-05-07T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87478","published_at":"2026-05-09T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87472","published_at":"2026-05-11T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87486","published_at":"2026-05-12T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87521","published_at":"2026-05-14T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87344","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87354","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.8737","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87369","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87387","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87394","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87407","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87401","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87397","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87412","published_at":"2026-04-16T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87415","published_at":"2026-04-18T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87409","published_at":"2026-04-21T12:55:00Z"},{"value":"0.03387","scoring_system":"epss","scoring_elements":"0.87426","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0258"},{"reference_url":"http://secunia.com/advisories/33617","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33617"},{"reference_url":"http://secunia.com/advisories/33679","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33679"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48138","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48138"},{"reference_url":"https://web.archive.org/web/20111210005350/http://www.securityfocus.com/bid/33376","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111210005350/http://www.securityfocus.com/bid/33376"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"},{"reference_url":"http://www.debian.org/security/2009/dsa-1711","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2009/dsa-1711"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/01/23/4","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/01/23/4"},{"reference_url":"http://www.securityfocus.com/bid/33376","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/33376"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0258","reference_id":"CVE-2009-0258","reference_type":"","scores":[{"value":"10.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0258"},{"reference_url":"https://github.com/advisories/GHSA-74w6-ww7w-45j9","reference_id":"GHSA-74w6-ww7w-45j9","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-74w6-ww7w-45j9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50460?format=json","purl":"pkg:composer/typo3/cms@4.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.4"}],"aliases":["CVE-2009-0258","GHSA-74w6-ww7w-45j9"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-69fr-ztbp-z7gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14192?format=json","vulnerability_id":"VCID-acey-xzmu-7yg9","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0816","reference_id":"","reference_type":"","scores":[{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52031","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51955","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51961","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51921","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51868","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51918","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51957","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51943","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51871","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51919","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51946","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.5191","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51964","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51963","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51997","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.51981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52023","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52029","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00285","scoring_system":"epss","scoring_elements":"0.52009","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0816"},{"reference_url":"https://web.archive.org/web/20210507104956/http://www.securitytracker.com/id?1021709","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20210507104956/http://www.securitytracker.com/id?1021709"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"},{"reference_url":"http://www.debian.org/security/2009/dsa-1720","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2009/dsa-1720"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/02/10/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/02/10/6"},{"reference_url":"http://www.securitytracker.com/id?1021709","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1021709"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0816","reference_id":"CVE-2009-0816","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0816"},{"reference_url":"https://github.com/advisories/GHSA-jg55-3q6h-2ccf","reference_id":"GHSA-jg55-3q6h-2ccf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jg55-3q6h-2ccf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50332?format=json","purl":"pkg:composer/typo3/cms@4.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.6"}],"aliases":["CVE-2009-0816","GHSA-jg55-3q6h-2ccf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-acey-xzmu-7yg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15989?format=json","vulnerability_id":"VCID-enht-zcrt-mbe6","summary":"TYPO3 Path Traversal vulnerability\nThe fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.","references":[{"reference_url":"http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5099","reference_id":"","reference_type":"","scores":[{"value":"0.05249","scoring_system":"epss","scoring_elements":"0.90067","published_at":"2026-05-14T12:55:00Z"},{"value":"0.05249","scoring_system":"epss","scoring_elements":"0.90053","published_at":"2026-05-12T12:55:00Z"},{"value":"0.05249","scoring_system":"epss","scoring_elements":"0.90045","published_at":"2026-05-11T12:55:00Z"},{"value":"0.05249","scoring_system":"epss","scoring_elements":"0.90049","published_at":"2026-05-09T12:55:00Z"},{"value":"0.05249","scoring_system":"epss","scoring_elements":"0.90038","published_at":"2026-05-07T12:55:00Z"},{"value":"0.05249","scoring_system":"epss","scoring_elements":"0.90023","published_at":"2026-05-05T12:55:00Z"},{"value":"0.05249","scoring_system":"epss","scoring_elements":"0.9001","published_at":"2026-04-29T12:55:00Z"},{"value":"0.05249","scoring_system":"epss","scoring_elements":"0.90011","published_at":"2026-04-26T12:55:00Z"},{"value":"0.05249","scoring_system":"epss","scoring_elements":"0.90012","published_at":"2026-04-24T12:55:00Z"},{"value":"0.05249","scoring_system":"epss","scoring_elements":"0.89995","published_at":"2026-04-21T12:55:00Z"},{"value":"0.05249","scoring_system":"epss","scoring_elements":"0.90076","published_at":"2026-05-15T12:55:00Z"},{"value":"0.05957","scoring_system":"epss","scoring_elements":"0.90643","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05957","scoring_system":"epss","scoring_elements":"0.90605","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05957","scoring_system":"epss","scoring_elements":"0.90608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05957","scoring_system":"epss","scoring_elements":"0.90618","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05957","scoring_system":"epss","scoring_elements":"0.90626","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05957","scoring_system":"epss","scoring_elements":"0.90637","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05957","scoring_system":"epss","scoring_elements":"0.90652","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05957","scoring_system":"epss","scoring_elements":"0.90646","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05957","scoring_system":"epss","scoring_elements":"0.90666","published_at":"2026-04-16T12:55:00Z"},{"value":"0.05957","scoring_system":"epss","scoring_elements":"0.90664","published_at":"2026-04-18T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5099"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64180","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://web.archive.org/web/20120801235059/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120801235059/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022"},{"reference_url":"http://www.exploit-db.com/exploits/15856","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.exploit-db.com/exploits/15856"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/01/13/2","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/01/13/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/05/10/7","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/05/10/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/05/11/3","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/05/11/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/05/12/5","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/05/12/5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-5099","reference_id":"CVE-2010-5099","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-5099"},{"reference_url":"https://github.com/advisories/GHSA-66j3-66cp-6c2m","reference_id":"GHSA-66j3-66cp-6c2m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-66j3-66cp-6c2m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55298?format=json","purl":"pkg:composer/typo3/cms@4.2.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/55299?format=json","purl":"pkg:composer/typo3/cms@4.3.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/55300?format=json","purl":"pkg:composer/typo3/cms@4.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.4.5"}],"aliases":["CVE-2010-5099","GHSA-66j3-66cp-6c2m"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-enht-zcrt-mbe6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55890?format=json","vulnerability_id":"VCID-jbu9-bp56-rkgw","summary":"TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism\nThe jumpUrl (aka access tracking) implementation in `tslib/class.tslib_fe.php` in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.","references":[{"reference_url":"http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3714","reference_id":"","reference_type":"","scores":[{"value":"0.33647","scoring_system":"epss","scoring_elements":"0.96993","published_at":"2026-05-15T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97052","published_at":"2026-04-09T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.9707","published_at":"2026-04-18T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97074","published_at":"2026-04-21T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97076","published_at":"2026-04-24T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97078","published_at":"2026-04-26T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97079","published_at":"2026-04-29T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97082","published_at":"2026-05-05T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97085","published_at":"2026-05-07T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97092","published_at":"2026-05-09T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97096","published_at":"2026-05-11T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97101","published_at":"2026-05-12T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97109","published_at":"2026-05-14T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.9703","published_at":"2026-04-01T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97037","published_at":"2026-04-02T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97041","published_at":"2026-04-07T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97051","published_at":"2026-04-08T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97055","published_at":"2026-04-12T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97056","published_at":"2026-04-13T12:55:00Z"},{"value":"0.35507","scoring_system":"epss","scoring_elements":"0.97067","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-3714"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://github.com/TYPO3/typo3/commit/687b671c765eac10ffb764547bb403ac3ef55620","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/commit/687b671c765eac10ffb764547bb403ac3ef55620"},{"reference_url":"https://github.com/TYPO3/typo3/commit/a8ccd387cafd2c2c338fc29109c16418f7657229","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/commit/a8ccd387cafd2c2c338fc29109c16418f7657229"},{"reference_url":"https://github.com/TYPO3/typo3/commit/d95f06f633fd2c289b544f6d5907b789eae6cccb","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/commit/d95f06f633fd2c289b544f6d5907b789eae6cccb"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3714","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-3714"},{"reference_url":"https://web.archive.org/web/20111220151231/http://www.securityfocus.com/bid/43786","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111220151231/http://www.securityfocus.com/bid/43786"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-020/"},{"reference_url":"http://www.debian.org/security/2010/dsa-2121","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2010/dsa-2121"},{"reference_url":"http://www.exploit-db.com/exploits/15856","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.exploit-db.com/exploits/15856"},{"reference_url":"http://www.securityfocus.com/bid/43786","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/43786"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/15856.php","reference_id":"CVE-2012-2344;OSVDB-70121;CVE-2010-5099;CVE-2010-3714;OSVDB-68590","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/15856.php"},{"reference_url":"https://github.com/advisories/GHSA-w736-qv86-vq94","reference_id":"GHSA-w736-qv86-vq94","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-w736-qv86-vq94"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/82794?format=json","purl":"pkg:composer/typo3/cms@4.2.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.15"},{"url":"http://public2.vulnerablecode.io/api/packages/82795?format=json","purl":"pkg:composer/typo3/cms@4.3.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.3.7"},{"url":"http://public2.vulnerablecode.io/api/packages/82796?format=json","purl":"pkg:composer/typo3/cms@4.4.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.4.4"}],"aliases":["CVE-2010-3714","GHSA-w736-qv86-vq94"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbu9-bp56-rkgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55670?format=json","vulnerability_id":"VCID-k6fn-pcqn-byhu","summary":"TYPO3 Directory Traversal vulnerability\nDirectory traversal vulnerability in the TypoScript setup in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated administrators to read arbitrary files via unspecified vectors related to the \"file inclusion functionality.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5101","reference_id":"","reference_type":"","scores":[{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61119","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61265","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.6125","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61191","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61165","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61203","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61144","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.6107","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61134","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61095","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61147","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61154","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61139","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.6115","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61168","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61163","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61122","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61141","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.60999","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61076","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61155","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00407","scoring_system":"epss","scoring_elements":"0.61104","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-5101"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64180","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/64180"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-5101","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-5101"},{"reference_url":"https://web.archive.org/web/20120123102224/http://www.securityfocus.com/bid/45470","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120123102224/http://www.securityfocus.com/bid/45470"},{"reference_url":"https://web.archive.org/web/20121103085228/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121103085228/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/01/13/2","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/01/13/2"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/05/10/7","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/05/10/7"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/05/11/3","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/05/11/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/05/12/5","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/05/12/5"},{"reference_url":"https://github.com/advisories/GHSA-rmqc-wfjm-3f66","reference_id":"GHSA-rmqc-wfjm-3f66","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-rmqc-wfjm-3f66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55298?format=json","purl":"pkg:composer/typo3/cms@4.2.16","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.16"},{"url":"http://public2.vulnerablecode.io/api/packages/55299?format=json","purl":"pkg:composer/typo3/cms@4.3.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.3.9"},{"url":"http://public2.vulnerablecode.io/api/packages/55300?format=json","purl":"pkg:composer/typo3/cms@4.4.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.4.5"}],"aliases":["CVE-2010-5101","GHSA-rmqc-wfjm-3f66"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6fn-pcqn-byhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14240?format=json","vulnerability_id":"VCID-tsmu-e547-8kdx","summary":"TYPO3 leaks a hash secret in an error message\nThe jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0815","reference_id":"","reference_type":"","scores":[{"value":"0.498","scoring_system":"epss","scoring_elements":"0.97787","published_at":"2026-04-01T12:55:00Z"},{"value":"0.498","scoring_system":"epss","scoring_elements":"0.97818","published_at":"2026-04-21T12:55:00Z"},{"value":"0.498","scoring_system":"epss","scoring_elements":"0.9782","published_at":"2026-04-18T12:55:00Z"},{"value":"0.498","scoring_system":"epss","scoring_elements":"0.97817","published_at":"2026-04-24T12:55:00Z"},{"value":"0.498","scoring_system":"epss","scoring_elements":"0.97811","published_at":"2026-04-13T12:55:00Z"},{"value":"0.498","scoring_system":"epss","scoring_elements":"0.9781","published_at":"2026-04-12T12:55:00Z"},{"value":"0.498","scoring_system":"epss","scoring_elements":"0.97808","published_at":"2026-04-11T12:55:00Z"},{"value":"0.498","scoring_system":"epss","scoring_elements":"0.97805","published_at":"2026-04-09T12:55:00Z"},{"value":"0.498","scoring_system":"epss","scoring_elements":"0.97803","published_at":"2026-04-08T12:55:00Z"},{"value":"0.498","scoring_system":"epss","scoring_elements":"0.97799","published_at":"2026-04-07T12:55:00Z"},{"value":"0.498","scoring_system":"epss","scoring_elements":"0.97795","published_at":"2026-04-04T12:55:00Z"},{"value":"0.498","scoring_system":"epss","scoring_elements":"0.97793","published_at":"2026-04-02T12:55:00Z"},{"value":"0.52771","scoring_system":"epss","scoring_elements":"0.97974","published_at":"2026-05-15T12:55:00Z"},{"value":"0.52771","scoring_system":"epss","scoring_elements":"0.97954","published_at":"2026-04-26T12:55:00Z"},{"value":"0.52771","scoring_system":"epss","scoring_elements":"0.97958","published_at":"2026-04-29T12:55:00Z"},{"value":"0.52771","scoring_system":"epss","scoring_elements":"0.97964","published_at":"2026-05-11T12:55:00Z"},{"value":"0.52771","scoring_system":"epss","scoring_elements":"0.97962","published_at":"2026-05-07T12:55:00Z"},{"value":"0.52771","scoring_system":"epss","scoring_elements":"0.97965","published_at":"2026-05-09T12:55:00Z"},{"value":"0.52771","scoring_system":"epss","scoring_elements":"0.97967","published_at":"2026-05-12T12:55:00Z"},{"value":"0.52771","scoring_system":"epss","scoring_elements":"0.97971","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0815"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://web.archive.org/web/20091206080208/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20091206080208/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002"},{"reference_url":"https://web.archive.org/web/20200915000000*/http://www.securitytracker.com/id?1021710","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200915000000*/http://www.securitytracker.com/id?1021710"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"},{"reference_url":"http://www.debian.org/security/2009/dsa-1720","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2009/dsa-1720"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/02/10/6","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/02/10/6"},{"reference_url":"http://www.securitytracker.com/id?1021710","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id?1021710"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0815","reference_id":"CVE-2009-0815","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0815"},{"reference_url":"https://github.com/advisories/GHSA-c22j-84c7-cm77","reference_id":"GHSA-c22j-84c7-cm77","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c22j-84c7-cm77"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/8038.py","reference_id":"OSVDB-52048;CVE-2009-0815","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/8038.py"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50332?format=json","purl":"pkg:composer/typo3/cms@4.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.6"}],"aliases":["CVE-2009-0815","GHSA-c22j-84c7-cm77"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tsmu-e547-8kdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14243?format=json","vulnerability_id":"VCID-u1y7-xzfg-z7ce","summary":"TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential\nThe Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to gain access by using only the password's md5 hash as a credential.","references":[{"reference_url":"http://marc.info/?l=oss-security&m=125632856206736&w=2","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=oss-security&m=125632856206736&w=2"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3635","reference_id":"","reference_type":"","scores":[{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77646","published_at":"2026-05-15T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77436","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77475","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77474","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77467","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77501","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77508","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77522","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77528","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77556","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77579","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77566","published_at":"2026-05-11T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77584","published_at":"2026-05-12T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77632","published_at":"2026-05-14T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77381","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77388","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77414","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77394","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77424","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77433","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77459","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01041","scoring_system":"epss","scoring_elements":"0.77439","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3635"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53928","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/53928"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://web.archive.org/web/20100105023145/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100105023145/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016"},{"reference_url":"https://web.archive.org/web/20200229210314/http://www.securityfocus.com/bid/36801","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229210314/http://www.securityfocus.com/bid/36801"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3635","reference_id":"CVE-2009-3635","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3635"},{"reference_url":"https://github.com/advisories/GHSA-hwrc-w5gg-f335","reference_id":"GHSA-hwrc-w5gg-f335","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hwrc-w5gg-f335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50408?format=json","purl":"pkg:composer/typo3/cms@4.2.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.10"},{"url":"http://public2.vulnerablecode.io/api/packages/50409?format=json","purl":"pkg:composer/typo3/cms@4.3.0-beta2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.3.0-beta2"}],"aliases":["CVE-2009-3635","GHSA-hwrc-w5gg-f335"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u1y7-xzfg-z7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14265?format=json","vulnerability_id":"VCID-zkmd-h3ch-ebbg","summary":"Improper Authentication\nSession fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0256","reference_id":"","reference_type":"","scores":[{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.76027","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75893","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75905","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75912","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75941","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75965","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75949","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75963","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.76013","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75762","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75765","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75798","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75777","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75809","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75821","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75845","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75826","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.7582","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75857","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75861","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75846","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00911","scoring_system":"epss","scoring_elements":"0.75884","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-0256"},{"reference_url":"http://secunia.com/advisories/33617","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33617"},{"reference_url":"http://secunia.com/advisories/33679","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/33679"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48133","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://web.archive.org/web/20111210005350/http://www.securityfocus.com/bid/33376","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20111210005350/http://www.securityfocus.com/bid/33376"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"},{"reference_url":"http://www.debian.org/security/2009/dsa-1711","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2009/dsa-1711"},{"reference_url":"http://www.securityfocus.com/bid/33376","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/33376"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0256","reference_id":"CVE-2009-0256","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0256"},{"reference_url":"https://github.com/advisories/GHSA-q45q-5233-229p","reference_id":"GHSA-q45q-5233-229p","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q45q-5233-229p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/50460?format=json","purl":"pkg:composer/typo3/cms@4.2.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.4"}],"aliases":["CVE-2009-0256","GHSA-q45q-5233-229p"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkmd-h3ch-ebbg"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.0"}