{"url":"http://public2.vulnerablecode.io/api/packages/56072?format=json","purl":"pkg:composer/typo3/cms-core@8.0.0","type":"composer","namespace":"typo3","name":"cms-core","version":"8.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"8.1.2","latest_non_vulnerable_version":"14.0.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41131?format=json","vulnerability_id":"VCID-1knh-es99-dubw","summary":"Code Injection\nArbitrary Code Execution and Cross-Site Scripting in Backend API.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-019/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-019/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58253?format=json","purl":"pkg:composer/typo3/cms-core@8.7.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/58254?format=json","purl":"pkg:composer/typo3/cms-core@9.5.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8"}],"aliases":["GMS-2019-168"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1knh-es99-dubw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40622?format=json","vulnerability_id":"VCID-1prg-c74k-37ec","summary":"Code Injection\nArbitrary Code Execution via File List 
Module.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-008/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-008/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-158"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1prg-c74k-37ec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40079?format=json","vulnerability_id":"VCID-2m67-xdxz-ryc2","summary":"Improper Authentication\nAuthentication Bypass in TYPO3 
CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-001/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56075?format=json","purl":"pkg:composer/typo3/cms-core@8.7.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/56076?format=json","purl":"pkg:composer/typo3/cms-core@9.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2"}],"aliases":["GMS-2018-81"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2m67-xdxz-ryc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41293?format=json","vulnerability_id":"VCID-2rhr-8vaz-hqfj","summary":"Cross-site Scripting\nTYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser does not consider all potentially malicious HTML tag & attribute combinations per default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. 
In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2021-013","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2021-013"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32768","reference_id":"CVE-2021-32768","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32768"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58638?format=json","purl":"pkg:composer/typo3/cms-core@9.5.29","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.29"},{"url":"http://public2.vulnerablecode.io/api/packages/58639?format=json","purl":"pkg:composer/typo3/cms-core@10.4.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.19"},{"url":"http://public2.vulnerablecode.io/api/packages/58640?format=json","purl":"pkg:composer/typo3/cms-core@11.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.2"}],"aliases":["CVE-2021-32768","GHSA-c5c9-8c6m-727v"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2rhr-8vaz-hqfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47013?format=json","vulnerability_id":"VCID-3hta-35zx-zuc4","summary":"TYPO3 Install Tool vulnerable to Code Execution\n### Problem\nSeveral settings in the Install Tool for configuring the path to system binaries were vulnerable to code execution. 
Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions.\n\nThe corresponding change for this advisory involves enforcing the known disadvantages described in [TYPO3-PSA-2020-002: Protecting Install Tool with Sudo Mode](https://typo3.org/security/advisory/typo3-psa-2020-002).\n\n### Solution\nUpdate to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described.\n\n### Credits\nThanks to Rickmer Frier & Daniel Jonka who reported this issue and to TYPO3 core & security team member Benjamin Franzke who fixed the issue.\n\n### References\n* [TYPO3-CORE-SA-2024-002](https://typo3.org/security/advisory/typo3-core-sa-2024-002)","references":[{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://github.com/TYPO3/typo3/commit/47e897f8c7668ef299ecc9ce93f52cafbb3497ed","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/47e897f8c7668ef299ecc9ce93f52cafbb3497ed"},{"reference_url":"https://github.com/TYPO3/typo3/commit/6cc11761b8e2434fa4ccc9f096c65ca82569cfdf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/6cc11761b8e2434fa4ccc9f096c65ca82569cfdf"},{"reference_url":"https://github.com/TYPO3/typo3/commit/84e07e35b880a544b517868432c56987d05d46d4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/84e07e35b880a544b517868432c56987d05d46d4"},{"reference_url":"https://typo3.org/help/security-advisories","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/help/security-advisories"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2024-002","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2024-002"},{"reference_url":"https://t
ypo3.org/security/advisory/typo3-psa-2020-002","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-psa-2020-002"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22188","reference_id":"CVE-2024-22188","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-22188"},{"reference_url":"https://github.com/advisories/GHSA-5w2h-59j3-8x5w","reference_id":"GHSA-5w2h-59j3-8x5w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5w2h-59j3-8x5w"},{"reference_url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w","reference_id":"GHSA-5w2h-59j3-8x5w","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68934?format=json","purl":"pkg:composer/typo3/cms-core@8.7.57","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.57"},{"url":"http://public2.vulnerablecode.io/api/packages/68935?format=json","purl":"pkg:composer/typo3/cms-core@9.5.46","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46"},{"url":"http://public2.vulnerablecode.io/api/packages/68936?format=json","purl":"pkg:composer/typo3/cms-core@10.4.43","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43"},{"url":"http://public2.vulnerablecode.io/api/packages/68937?format=json","purl":"pkg:composer/typo3/cms-core@11.5.35","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35"},{"url":"http://public2.vulnerablecode.io/api/packages/68938?format=json","purl":"pkg:composer/typo3/cms-core@12.4.11","is_vu
lnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/68939?format=json","purl":"pkg:composer/typo3/cms-core@13.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1"}],"aliases":["CVE-2024-22188","GHSA-5w2h-59j3-8x5w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hta-35zx-zuc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41121?format=json","vulnerability_id":"VCID-6ffw-r4k7-5qf8","summary":"Security Misconfiguration in Frontend Session Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-018/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-018/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58253?format=json","purl":"pkg:composer/typo3/cms-core@8.7.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/58254?format=json","purl":"pkg:composer/typo3/cms-core@9.5.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8"}],"aliases":["GMS-2019-167"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6ffw-r4k7-5qf8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40631?format=json","vulnerability_id":"VCID-6q7t-kdrg-8qc3","summary":"Security Misconfiguration for Backend User 
Accounts.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-002/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-153"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6q7t-kdrg-8qc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40618?format=json","vulnerability_id":"VCID-6rgp-dzw1-kycx","summary":"Cross-site Scripting\nCross-Site Scripting in Bootstrap CSS 
toolkit.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-156"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6rgp-dzw1-kycx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40095?format=json","vulnerability_id":"VCID-7ch1-q9f4-a7bt","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIn Bootstrap, XSS is possible in the data-target property of 
scrollspy.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1456","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1456"},{"reference_url":"https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2","reference_id":"","reference_type":"","scores":[],"url":"https://blog.getbootstrap.com/2018/07/12/bootstrap-4-1-2"},{"reference_url":"https://github.com/twbs/bootstrap","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/twbs/bootstrap"},{"reference_url":"https://github.com/twbs/bootstrap/issues/26423","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/twbs/bootstrap/issues/26423"},{"reference_url":"https://github.com/twbs/bootstrap/issues/26627","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/twbs/bootstrap/issues/26627"},{"reference_url":"https://github.com/twbs/bootstrap/pull/26630","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/twbs/bootstrap/pull/26630"},{"reference_url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/52e0e6b5df827ee7f1e68f7cc3babe61af3b2160f5d74a85469b7b0e@%3Cdev.superset.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.
apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r3dc0cac8d856bca02bd6997355d7ff83027dcfc82f8646a29b89b714@%3Cissues.hbase.apache.org%3E"},{"reference_url":"https://seclists.org/bugtraq/2019/May/18","reference_id":"","reference_type":"","scores":[],"url":"https://seclists.org/bugtraq/2019/May/18"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-006"},{"reference_url":"https://www.oracle.com/security-alerts/cpuApr2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14041","reference_id":"CVE-2018-14041","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14041"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml","reference_id":"CVE-2018-14041.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-14041.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml","reference_id":"CVE-2018-14041.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-14041.yaml"},{"reference_url":"
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml","reference_id":"CVE-2018-14041.YML","reference_type":"","scores":[],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bootstrap/CVE-2018-14041.yml"},{"reference_url":"https://github.com/advisories/GHSA-pj7m-g53m-7638","reference_id":"GHSA-pj7m-g53m-7638","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-pj7m-g53m-7638"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["CVE-2018-14041","GHSA-pj7m-g53m-7638"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ch1-q9f4-a7bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47009?format=json","vulnerability_id":"VCID-7r4g-gxc6-hubh","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nTYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. 
There are no known workarounds for this issue.","references":[{"reference_url":"https://github.com/TYPO3/typo3/commit/1186b2fec8a665a8f228ed66e6d60abf8407c17b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/1186b2fec8a665a8f228ed66e6d60abf8407c17b"},{"reference_url":"https://github.com/TYPO3/typo3/commit/c7a135c25a14b852eebe4335f21ba3c606188f3a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/c7a135c25a14b852eebe4335f21ba3c606188f3a"},{"reference_url":"https://github.com/TYPO3/typo3/commit/cafc5af7fdce7734e6c8f9ecf2efd17b246fc049","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/cafc5af7fdce7734e6c8f9ecf2efd17b246fc049"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2024-003","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2024-003"},{"reference_url":"https://github.com/advisories/GHSA-38r2-5695-334w","reference_id":"GHSA-38r2-5695-334w","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-38r2-5695-334w"},{"reference_url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w","reference_id":"GHSA-38r2-5695-334w","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68934?format=json","purl":"pkg:composer/typo3/cms-core@8.7.57","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.57"},{"url":"http://public2.vulnerablecode.io/api/packages/68935?format=json","purl":"pkg:composer/typo3/cms-core@9.5.46","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46"},{"url":"http://public2.vulnerablecode.io/api/
packages/68936?format=json","purl":"pkg:composer/typo3/cms-core@10.4.43","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43"},{"url":"http://public2.vulnerablecode.io/api/packages/68937?format=json","purl":"pkg:composer/typo3/cms-core@11.5.35","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35"},{"url":"http://public2.vulnerablecode.io/api/packages/68938?format=json","purl":"pkg:composer/typo3/cms-core@12.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/68939?format=json","purl":"pkg:composer/typo3/cms-core@13.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1"}],"aliases":["CVE-2024-25118","GHSA-38r2-5695-334w"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7r4g-gxc6-hubh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41119?format=json","vulnerability_id":"VCID-82ds-xda8-5ye4","summary":"Insecure Deserialization in TYPO3 
CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-020/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-020/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58253?format=json","purl":"pkg:composer/typo3/cms-core@8.7.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/58254?format=json","purl":"pkg:composer/typo3/cms-core@9.5.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8"}],"aliases":["GMS-2019-169"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-82ds-xda8-5ye4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40956?format=json","vulnerability_id":"VCID-8sek-v483-8ueu","summary":"Code Injection\nPossible Arbitrary Code Execution in Image 
Processing.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-012/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57971?format=json","purl":"pkg:composer/typo3/cms-core@8.7.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.25"},{"url":"http://public2.vulnerablecode.io/api/packages/57972?format=json","purl":"pkg:composer/typo3/cms-core@9.5.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.6"}],"aliases":["GMS-2019-162"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8sek-v483-8ueu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40495?format=json","vulnerability_id":"VCID-b92x-56ng-3ygy","summary":"Uncontrolled Resource Consumption\nDenial of Service in Frontend Record Registration.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-012/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-012/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"}],"aliases":["GMS-2018-91"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b92x-56ng-3ygy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46390?format=json","vulnerability_id":"VCID-bzqv-s7g3-wff9","summary":"TYPO3 
vulnerable to Weak Authentication in Session Handling\nTYPO3 is an open source PHP based web content management system released under the GNU GPL. In TYPO3 installations there are always at least two different sites, e.g. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2023-006","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2023-006"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47127","reference_id":"CVE-2023-47127","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-47127"},{"reference_url":"https://github.com/advisories/GHSA-3vmm-7h4j-69rm","reference_id":"GHSA-3vmm-7h4j-69rm","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3vmm-7h4j-69rm"},{"reference_url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm","reference_id":"GHSA-3vmm-7h4j-69rm","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/67727?format=json","purl":"pkg:composer/typo3/cms-core@8.7.55","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.55"},{"url":"http://public2.vulnerablecode.io/api/packages/
67728?format=json","purl":"pkg:composer/typo3/cms-core@9.5.44","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.44"},{"url":"http://public2.vulnerablecode.io/api/packages/67729?format=json","purl":"pkg:composer/typo3/cms-core@10.4.41","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.41"},{"url":"http://public2.vulnerablecode.io/api/packages/67730?format=json","purl":"pkg:composer/typo3/cms-core@11.5.33","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.33"},{"url":"http://public2.vulnerablecode.io/api/packages/67731?format=json","purl":"pkg:composer/typo3/cms-core@12.4.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.8"}],"aliases":["CVE-2023-47127","GHSA-3vmm-7h4j-69rm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzqv-s7g3-wff9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40637?format=json","vulnerability_id":"VCID-cg7w-xkyg-abgj","summary":"Improper Access Control\nBroken Access Control in Localization 
Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-003/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-003/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"}],"aliases":["GMS-2019-154"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cg7w-xkyg-abgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41125?format=json","vulnerability_id":"VCID-cv9x-ea8e-pufu","summary":"Cross-site Scripting\nCross-Site Scripting in Link Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-015/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-015/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58253?format=json","purl":"pkg:composer/typo3/cms-core@8.7.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/58254?format=json","purl":"pkg:composer/typo3/cms-core@9.5.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8"}],"aliases":["GMS-2019-166"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cv9x-ea8e-pufu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40508?format=json","vulnerability_id":"VCID-daz8-j1ns-rkgt","summary":"Information Disclosure in Install 
Tool.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-010/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-010/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-89"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-daz8-j1ns-rkgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41126?format=json","vulnerability_id":"VCID-e8ze-umec-a7hx","summary":"Information Disclosure in Backend User 
Interface.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-014/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-014/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58253?format=json","purl":"pkg:composer/typo3/cms-core@8.7.27","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.27"},{"url":"http://public2.vulnerablecode.io/api/packages/58254?format=json","purl":"pkg:composer/typo3/cms-core@9.5.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.8"}],"aliases":["GMS-2019-165"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8ze-umec-a7hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40499?format=json","vulnerability_id":"VCID-e9jc-8mpp-fkgh","summary":"Security Misconfiguration in Install Tool 
Cookie.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-009/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-009/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-88"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e9jc-8mpp-fkgh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40081?format=json","vulnerability_id":"VCID-hfcx-1kuh-p3ez","summary":"Insecure Deserialization & Arbitrary Code Execution in TYPO3 
CMS.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-002/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-002/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56075?format=json","purl":"pkg:composer/typo3/cms-core@8.7.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/56076?format=json","purl":"pkg:composer/typo3/cms-core@9.3.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.3.2"}],"aliases":["GMS-2018-82"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfcx-1kuh-p3ez"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40957?format=json","vulnerability_id":"VCID-hnyk-614g-yuhy","summary":"Security Misconfiguration in User Session 
Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-011/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57971?format=json","purl":"pkg:composer/typo3/cms-core@8.7.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.25"},{"url":"http://public2.vulnerablecode.io/api/packages/57972?format=json","purl":"pkg:composer/typo3/cms-core@9.5.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.6"}],"aliases":["GMS-2019-161"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hnyk-614g-yuhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41236?format=json","vulnerability_id":"VCID-j8hk-bqnb-gycp","summary":"Cross-site Scripting\nTYPO3 contains a cross-site scripting vulnerability. When error messages are not properly encoded, the components `_QueryGenerator_` and `_QueryView_` are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. 
TYPO3 contain a patch for this issue.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2021-010","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2021-010"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32668","reference_id":"CVE-2021-32668","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32668"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58464?format=json","purl":"pkg:composer/typo3/cms-core@10.4.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.18"},{"url":"http://public2.vulnerablecode.io/api/packages/58465?format=json","purl":"pkg:composer/typo3/cms-core@11.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.1"}],"aliases":["CVE-2021-32668","GHSA-6mh3-j5r5-2379"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8hk-bqnb-gycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40630?format=json","vulnerability_id":"VCID-k8r2-2ak8-qkak","summary":"Cross-site Scripting\nCross-Site Scripting in Form 
Framework.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-157"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k8r2-2ak8-qkak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40628?format=json","vulnerability_id":"VCID-n56h-zuzr-ruhf","summary":"Cross-site Scripting\nCross-Site Scripting in Fluid 
`ViewHelpers`.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-005/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-155"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n56h-zuzr-ruhf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40498?format=json","vulnerability_id":"VCID-nyw8-q5ef-2fcv","summary":"Uncontrolled Resource Consumption\nDenial of Service in Online Media Asset 
Handling.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-011/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-011/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-90"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nyw8-q5ef-2fcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40502?format=json","vulnerability_id":"VCID-pwh8-c992-vqav","summary":"Cross-site Scripting\nCross-Site Scripting in 
CKEditor.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-92"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pwh8-c992-vqav"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40965?format=json","vulnerability_id":"VCID-qr1u-kcn9-cuf6","summary":"Cross-site Scripting\nCross-Site Scripting in Fluid 
Engine.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-013/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-013/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57971?format=json","purl":"pkg:composer/typo3/cms-core@8.7.25","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.25"},{"url":"http://public2.vulnerablecode.io/api/packages/57972?format=json","purl":"pkg:composer/typo3/cms-core@9.5.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.6"}],"aliases":["GMS-2019-160"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qr1u-kcn9-cuf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40440?format=json","vulnerability_id":"VCID-qxab-9uwr-yqhv","summary":"Cross-site Scripting\nCKEditor allows user-assisted XSS involving a source-mode 
paste.","references":[{"reference_url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/","reference_id":"","reference_type":"","scores":[],"url":"https://ckeditor.com/blog/CKEditor-4.11-with-emoji-dropdown-and-auto-link-on-typing-released/"},{"reference_url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0","reference_id":"","reference_type":"","scores":[],"url":"https://ckeditor.com/cke4/release/CKEditor-4.11.0"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-005"},{"reference_url":"https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200227030123/http://www.securityfocus.com/bid/109205"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17960","reference_id":"CVE-2018-17960","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17960"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml","reference_id":"CVE-2018-17960.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2018-17960.yaml"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml","reference_id":"CVE-2018-17960.YAML","reference_type":"","scores":[],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2018-17960.yaml"},{"reference_url":"https://github.com/advisories/GHSA-g68x-vvqq-pvw3","reference_id":"GHSA-g68x
-vvqq-pvw3","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-g68x-vvqq-pvw3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["CVE-2018-17960","GHSA-g68x-vvqq-pvw3"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxab-9uwr-yqhv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41235?format=json","vulnerability_id":"VCID-sdjb-gp4t-vbgt","summary":"Cross-site Scripting\nTYPO3 is an open source PHP based web content management system. Affected versions have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. 
TYPO3 contain a patch for this vulnerability.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2021-011","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2021-011"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32669","reference_id":"CVE-2021-32669","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32669"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58464?format=json","purl":"pkg:composer/typo3/cms-core@10.4.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.18"},{"url":"http://public2.vulnerablecode.io/api/packages/58465?format=json","purl":"pkg:composer/typo3/cms-core@11.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.1"}],"aliases":["CVE-2021-32669","GHSA-rgcg-28xm-8mmw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdjb-gp4t-vbgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40493?format=json","vulnerability_id":"VCID-uaf3-fyst-u7gm","summary":"Cross-site Scripting\nCross-Site Scripting in Backend Modal 
Component.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-007/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-007/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-86"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uaf3-fyst-u7gm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40510?format=json","vulnerability_id":"VCID-uncp-sa58-ufdd","summary":"Cross-site Scripting\nCross-Site Scripting in Online Media Asset 
Rendering.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-006/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-006/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-85"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uncp-sa58-ufdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41233?format=json","vulnerability_id":"VCID-uq77-aax5-k7d8","summary":"Inclusion of Sensitive Information in Log Files\nTYPO3 is an open source PHP based web content management system. User credentials may have been logged as plain text. This occurs when explicitly using log level debug, which is not the default configuration. 
TYPO3 contain a patch for this vulnerability.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32767","reference_id":"CVE-2021-32767","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58470?format=json","purl":"pkg:composer/typo3/cms-core@9.5.28","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.28"},{"url":"http://public2.vulnerablecode.io/api/packages/58464?format=json","purl":"pkg:composer/typo3/cms-core@10.4.18","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.18"},{"url":"http://public2.vulnerablecode.io/api/packages/58465?format=json","purl":"pkg:composer/typo3/cms-core@11.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.1"}],"aliases":["CVE-2021-32767","GHSA-34fr-fhqr-7235"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uq77-aax5-k7d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47012?format=json","vulnerability_id":"VCID-uua1-9rt1-dfbz","summary":"Improper Access Control\nTYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). 
Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.","references":[{"reference_url":"https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references","reference_id":"","reference_type":"","scores":[],"url":"https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references"},{"reference_url":"https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6"},{"reference_url":"https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f"},{"reference_url":"https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2024-005","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2024-005"},{"reference_url":"https://github.com/advisories/GHSA-wf85-8hx9-gj7c","reference_id":"GHSA-wf85-8hx9-gj7c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-wf85-8hx9-gj7c"},{"reference_url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c","reference_id":"GHSA-wf85-8hx9-gj7c","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68934?format=
json","purl":"pkg:composer/typo3/cms-core@8.7.57","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.57"},{"url":"http://public2.vulnerablecode.io/api/packages/68935?format=json","purl":"pkg:composer/typo3/cms-core@9.5.46","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46"},{"url":"http://public2.vulnerablecode.io/api/packages/68936?format=json","purl":"pkg:composer/typo3/cms-core@10.4.43","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43"},{"url":"http://public2.vulnerablecode.io/api/packages/68937?format=json","purl":"pkg:composer/typo3/cms-core@11.5.35","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35"},{"url":"http://public2.vulnerablecode.io/api/packages/68938?format=json","purl":"pkg:composer/typo3/cms-core@12.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/68939?format=json","purl":"pkg:composer/typo3/cms-core@13.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1"}],"aliases":["CVE-2024-25120","GHSA-wf85-8hx9-gj7c"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uua1-9rt1-dfbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47011?format=json","vulnerability_id":"VCID-w94g-xxea-23fb","summary":"Improper Access Control\nTYPO3 is an open source PHP based web content management system released under the GNU GPL. 
In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage (\"zero-storage\") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = 
true;`.","references":[{"reference_url":"https://github.com/TYPO3/typo3/commit/38f0bf9a61e10365be26eb75bc23a81184dbed07","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/38f0bf9a61e10365be26eb75bc23a81184dbed07"},{"reference_url":"https://github.com/TYPO3/typo3/commit/71e652bf84b16fd3592205f61f36750ab03db74c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/71e652bf84b16fd3592205f61f36750ab03db74c"},{"reference_url":"https://github.com/TYPO3/typo3/commit/b47b6ddf5a5f3f852c6e43f837360780c12e3c47","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/b47b6ddf5a5f3f852c6e43f837360780c12e3c47"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2024-006","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2024-006"},{"reference_url":"https://github.com/advisories/GHSA-rj3x-wvc6-5j66","reference_id":"GHSA-rj3x-wvc6-5j66","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rj3x-wvc6-5j66"},{"reference_url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66","reference_id":"GHSA-rj3x-wvc6-5j66","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68934?format=json","purl":"pkg:composer/typo3/cms-core@8.7.57","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.57"},{"url":"http://public2.vulnerablecode.io/api/packages/68935?format=json","purl":"pkg:composer/typo3/cms-core@9.5.46","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46"},{"url":"http://public2.vulnerablecode.io/api/packages/68936?format=json","purl":"pkg
:composer/typo3/cms-core@10.4.43","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43"},{"url":"http://public2.vulnerablecode.io/api/packages/68937?format=json","purl":"pkg:composer/typo3/cms-core@11.5.35","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35"},{"url":"http://public2.vulnerablecode.io/api/packages/68938?format=json","purl":"pkg:composer/typo3/cms-core@12.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/68939?format=json","purl":"pkg:composer/typo3/cms-core@13.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1"}],"aliases":["CVE-2024-25121","GHSA-rj3x-wvc6-5j66"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w94g-xxea-23fb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40626?format=json","vulnerability_id":"VCID-wm4a-hcvt-vkbk","summary":"Information Disclosure of Installed 
Extensions.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2019-001/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2019-001/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/56444?format=json","purl":"pkg:composer/typo3/cms-core@8.7.23","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.23"},{"url":"http://public2.vulnerablecode.io/api/packages/56445?format=json","purl":"pkg:composer/typo3/cms-core@9.5.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.4"}],"aliases":["GMS-2019-152"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wm4a-hcvt-vkbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47010?format=json","vulnerability_id":"VCID-y3zj-acc7-jkau","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nTYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. 
There are no known workarounds for this vulnerability.","references":[{"reference_url":"https://github.com/TYPO3/typo3/commit/14d101359c71ee963cf51ad0c8ae777b7b9ec9a1","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/14d101359c71ee963cf51ad0c8ae777b7b9ec9a1"},{"reference_url":"https://github.com/TYPO3/typo3/commit/df486372ea56fac241d3c96ad43a7729fee64557","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/df486372ea56fac241d3c96ad43a7729fee64557"},{"reference_url":"https://github.com/TYPO3/typo3/commit/fa12667c046342ebfd9b159c646aeafdbc52fcfd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/commit/fa12667c046342ebfd9b159c646aeafdbc52fcfd"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2024-004","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2024-004"},{"reference_url":"https://github.com/advisories/GHSA-h47m-3f78-qp9g","reference_id":"GHSA-h47m-3f78-qp9g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h47m-3f78-qp9g"},{"reference_url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g","reference_id":"GHSA-h47m-3f78-qp9g","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/68934?format=json","purl":"pkg:composer/typo3/cms-core@8.7.57","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.57"},{"url":"http://public2.vulnerablecode.io/api/packages/68935?format=json","purl":"pkg:composer/typo3/cms-core@9.5.46","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.46"},{"url":"http://public2.vulnerablecode
.io/api/packages/68936?format=json","purl":"pkg:composer/typo3/cms-core@10.4.43","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43"},{"url":"http://public2.vulnerablecode.io/api/packages/68937?format=json","purl":"pkg:composer/typo3/cms-core@11.5.35","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35"},{"url":"http://public2.vulnerablecode.io/api/packages/68938?format=json","purl":"pkg:composer/typo3/cms-core@12.4.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11"},{"url":"http://public2.vulnerablecode.io/api/packages/68939?format=json","purl":"pkg:composer/typo3/cms-core@13.0.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1"}],"aliases":["CVE-2024-25119","GHSA-h47m-3f78-qp9g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3zj-acc7-jkau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40506?format=json","vulnerability_id":"VCID-z2bk-m2kw-h3c9","summary":"Cross-site Scripting\nCross-Site Scripting in Frontend User 
Login.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2018-008/","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2018-008/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57058?format=json","purl":"pkg:composer/typo3/cms-core@8.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/57059?format=json","purl":"pkg:composer/typo3/cms-core@9.5.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@9.5.2"}],"aliases":["GMS-2018-87"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z2bk-m2kw-h3c9"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@8.0.0"}