Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/typo3/cms-core@10.4.22
Typecomposer
Namespacetypo3
Namecms-core
Version10.4.22
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version10.4.57
Latest_non_vulnerable_version14.3.3
Affected_by_vulnerabilities
0
url VCID-4hp8-5qeb-wyam
vulnerability_id VCID-4hp8-5qeb-wyam
summary TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower the protection against unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables password changes without additional authentication. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47938
reference_id
reference_type
scores
0
value 0.00158
scoring_system epss
scoring_elements 0.36601
published_at 2026-06-13T12:55:00Z
1
value 0.00158
scoring_system epss
scoring_elements 0.36577
published_at 2026-06-12T12:55:00Z
2
value 0.00158
scoring_system epss
scoring_elements 0.36396
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47938
1
reference_url https://github.com/TYPO3-CMS/core/commit/b9a8bcb614ecdd42aa27e1c430c6213d6b6b20b3
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/b9a8bcb614ecdd42aa27e1c430c6213d6b6b20b3
2
reference_url https://github.com/TYPO3-CMS/setup/commit/60572dd050d8d861921889a19599bfe045fed5fd
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/setup/commit/60572dd050d8d861921889a19599bfe045fed5fd
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47938
reference_id
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47938
4
reference_url https://github.com/advisories/GHSA-3jrg-97f3-rqh9
reference_id GHSA-3jrg-97f3-rqh9
reference_type
scores
url https://github.com/advisories/GHSA-3jrg-97f3-rqh9
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-3jrg-97f3-rqh9
reference_id GHSA-3jrg-97f3-rqh9
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T13:56:18Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-3jrg-97f3-rqh9
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2025-013
reference_id typo3-core-sa-2025-013
reference_type
scores
0
value 3.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T13:56:18Z/
url https://typo3.org/security/advisory/typo3-core-sa-2025-013
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.50
purl pkg:composer/typo3/cms-core@10.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.50
1
url pkg:composer/typo3/cms-core@11.5.44
purl pkg:composer/typo3/cms-core@11.5.44
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.44
2
url pkg:composer/typo3/cms-core@12.4.31
purl pkg:composer/typo3/cms-core@12.4.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ant9-spg8-1ug5
1
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.31
3
url pkg:composer/typo3/cms-core@13.4.12
purl pkg:composer/typo3/cms-core@13.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ant9-spg8-1ug5
1
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.12
aliases CVE-2025-47938, GHSA-3jrg-97f3-rqh9
risk_score 1.7
exploitability 0.5
weighted_severity 3.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hp8-5qeb-wyam
1
url VCID-4ntq-jdtt-7fad
vulnerability_id VCID-4ntq-jdtt-7fad
summary TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31049
reference_id
reference_type
scores
0
value 0.0063
scoring_system epss
scoring_elements 0.70881
published_at 2026-06-13T12:55:00Z
1
value 0.0063
scoring_system epss
scoring_elements 0.70869
published_at 2026-06-12T12:55:00Z
2
value 0.0063
scoring_system epss
scoring_elements 0.70778
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31049
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31049
reference_id CVE-2022-31049
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31049
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31049.yaml
reference_id CVE-2022-31049.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31049.yaml
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31049.yaml
reference_id CVE-2022-31049.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31049.yaml
5
reference_url https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d
reference_id da611775f92102d7602713003f4c79606c8a445d
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:18Z/
url https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d
6
reference_url https://github.com/advisories/GHSA-h4mx-xv96-2jgm
reference_id GHSA-h4mx-xv96-2jgm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h4mx-xv96-2jgm
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm
reference_id GHSA-h4mx-xv96-2jgm
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:18Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-004
reference_id typo3-core-sa-2022-004
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:18Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-004
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.29
purl pkg:composer/typo3/cms-core@10.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-66qa-16we-wkdw
3
vulnerability VCID-6g94-zrcc-mqf2
4
vulnerability VCID-9f74-pxxq-3qea
5
vulnerability VCID-9fu7-2brx-j3az
6
vulnerability VCID-9kzb-yw93-rqd3
7
vulnerability VCID-9mh5-8n3y-93c8
8
vulnerability VCID-arjb-mbgt-97dh
9
vulnerability VCID-c34f-fptt-tfgt
10
vulnerability VCID-cmzk-5bm5-hbep
11
vulnerability VCID-d7rj-6q7r-dug5
12
vulnerability VCID-fajx-7vk2-yfd4
13
vulnerability VCID-g6wm-gjsy-7fdt
14
vulnerability VCID-humm-nga7-hbe4
15
vulnerability VCID-jtqp-g65r-93hs
16
vulnerability VCID-p2gb-esw8-3ya7
17
vulnerability VCID-qnk5-9jfz-5bhh
18
vulnerability VCID-rxu6-ccns-m3fk
19
vulnerability VCID-sq7n-ehxa-rbb9
20
vulnerability VCID-tyba-yxs8-7kgb
21
vulnerability VCID-u1bz-wj83-nbbt
22
vulnerability VCID-v1kq-a6wk-bka9
23
vulnerability VCID-vc1g-tqkt-w7gt
24
vulnerability VCID-ve54-aaqx-xkck
25
vulnerability VCID-wutq-k9ph-zyab
26
vulnerability VCID-x2ne-qxnz-rkem
27
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29
1
url pkg:composer/typo3/cms-core@11.5.11
purl pkg:composer/typo3/cms-core@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-66qa-16we-wkdw
3
vulnerability VCID-6g94-zrcc-mqf2
4
vulnerability VCID-9f74-pxxq-3qea
5
vulnerability VCID-9fu7-2brx-j3az
6
vulnerability VCID-9kzb-yw93-rqd3
7
vulnerability VCID-9mh5-8n3y-93c8
8
vulnerability VCID-arjb-mbgt-97dh
9
vulnerability VCID-c34f-fptt-tfgt
10
vulnerability VCID-cmzk-5bm5-hbep
11
vulnerability VCID-d7rj-6q7r-dug5
12
vulnerability VCID-fajx-7vk2-yfd4
13
vulnerability VCID-g6wm-gjsy-7fdt
14
vulnerability VCID-humm-nga7-hbe4
15
vulnerability VCID-jtqp-g65r-93hs
16
vulnerability VCID-p2gb-esw8-3ya7
17
vulnerability VCID-qnk5-9jfz-5bhh
18
vulnerability VCID-ra2c-x1g8-tyhy
19
vulnerability VCID-rxu6-ccns-m3fk
20
vulnerability VCID-sq7n-ehxa-rbb9
21
vulnerability VCID-tyba-yxs8-7kgb
22
vulnerability VCID-u1bz-wj83-nbbt
23
vulnerability VCID-v1kq-a6wk-bka9
24
vulnerability VCID-vc1g-tqkt-w7gt
25
vulnerability VCID-ve54-aaqx-xkck
26
vulnerability VCID-wutq-k9ph-zyab
27
vulnerability VCID-x2ne-qxnz-rkem
28
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11
aliases CVE-2022-31049, GHSA-h4mx-xv96-2jgm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4ntq-jdtt-7fad
2
url VCID-5ddb-qvu6-c7dd
vulnerability_id VCID-5ddb-qvu6-c7dd
summary TYPO3 is an open source PHP based web content management system. Versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are subject to Sensitive Information Disclosure. Due to the lack of handling user-submitted YAML placeholder expressions in the site configuration backend module, attackers could expose sensitive internal information, such as system configuration or HTTP request messages of other website visitors. A valid backend user account having administrator privileges is needed to exploit this vulnerability. This issue has been patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23504
reference_id
reference_type
scores
0
value 0.00406
scoring_system epss
scoring_elements 0.61626
published_at 2026-06-13T12:55:00Z
1
value 0.00406
scoring_system epss
scoring_elements 0.61515
published_at 2026-06-11T12:55:00Z
2
value 0.00406
scoring_system epss
scoring_elements 0.61618
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23504
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23504.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23504.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d1e627ff7eef07bd94c53db861e85977b203900a
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23504
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23504
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-016
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-016
7
reference_url https://github.com/advisories/GHSA-8w3p-qh3x-6gjr
reference_id GHSA-8w3p-qh3x-6gjr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8w3p-qh3x-6gjr
8
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
reference_id GHSA-8w3p-qh3x-6gjr
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T19:21:01Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-8w3p-qh3x-6gjr
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.33
purl pkg:composer/typo3/cms-core@10.4.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-p2gb-esw8-3ya7
8
vulnerability VCID-qnk5-9jfz-5bhh
9
vulnerability VCID-rxu6-ccns-m3fk
10
vulnerability VCID-sq7n-ehxa-rbb9
11
vulnerability VCID-u1bz-wj83-nbbt
12
vulnerability VCID-vc1g-tqkt-w7gt
13
vulnerability VCID-ve54-aaqx-xkck
14
vulnerability VCID-wutq-k9ph-zyab
15
vulnerability VCID-x2ne-qxnz-rkem
16
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.33
1
url pkg:composer/typo3/cms-core@11.5.20
purl pkg:composer/typo3/cms-core@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-p2gb-esw8-3ya7
8
vulnerability VCID-qnk5-9jfz-5bhh
9
vulnerability VCID-rxu6-ccns-m3fk
10
vulnerability VCID-sq7n-ehxa-rbb9
11
vulnerability VCID-u1bz-wj83-nbbt
12
vulnerability VCID-vc1g-tqkt-w7gt
13
vulnerability VCID-ve54-aaqx-xkck
14
vulnerability VCID-wutq-k9ph-zyab
15
vulnerability VCID-x2ne-qxnz-rkem
16
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.20
2
url pkg:composer/typo3/cms-core@12.1.1
purl pkg:composer/typo3/cms-core@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-g6wm-gjsy-7fdt
7
vulnerability VCID-jtqp-g65r-93hs
8
vulnerability VCID-p2gb-esw8-3ya7
9
vulnerability VCID-qnk5-9jfz-5bhh
10
vulnerability VCID-rxu6-ccns-m3fk
11
vulnerability VCID-sq7n-ehxa-rbb9
12
vulnerability VCID-u1bz-wj83-nbbt
13
vulnerability VCID-vc1g-tqkt-w7gt
14
vulnerability VCID-ve54-aaqx-xkck
15
vulnerability VCID-wutq-k9ph-zyab
16
vulnerability VCID-x2ne-qxnz-rkem
17
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.1.1
aliases CVE-2022-23504, GHSA-8w3p-qh3x-6gjr, GMS-2022-8131
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ddb-qvu6-c7dd
3
url VCID-66qa-16we-wkdw
vulnerability_id VCID-66qa-16we-wkdw
summary TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36108
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.7231
published_at 2026-06-13T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.72214
published_at 2026-06-11T12:55:00Z
2
value 0.00687
scoring_system epss
scoring_elements 0.72297
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36108
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/6863f73818c36b0b88c677ba533765c8074907b4
3
reference_url https://github.com/TYPO3/typo3/commit/c62e16fac031c270d9759c7261e504c7e25405df
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c62e16fac031c270d9759c7261e504c7e25405df
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-010
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-010
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36108
reference_id CVE-2022-36108
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36108
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36108.yaml
reference_id CVE-2022-36108.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36108.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36108.yaml
reference_id CVE-2022-36108.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36108.yaml
8
reference_url https://github.com/advisories/GHSA-fv2m-9249-qx85
reference_id GHSA-fv2m-9249-qx85
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fv2m-9249-qx85
9
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85
reference_id GHSA-fv2m-9249-qx85
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-fv2m-9249-qx85
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
1
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases CVE-2022-36108, GHSA-fv2m-9249-qx85
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66qa-16we-wkdw
4
url VCID-6g94-zrcc-mqf2
vulnerability_id VCID-6g94-zrcc-mqf2
summary TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that the expiration time of a password reset link for TYPO3 backend users has never been evaluated. As a result, a password reset link could be used to perform a password reset even if the default expiry time of two hours has been exceeded. Update to TYPO3 version 10.4.32 or 11.5.16 that fix the problem. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36106
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41789
published_at 2026-06-11T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41973
published_at 2026-06-13T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.41954
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36106
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/00b52a443b21baaaab35f8606dbb0ce427261bb5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/00b52a443b21baaaab35f8606dbb0ce427261bb5
3
reference_url https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a
reference_id 56af2bd3a432156c30af9be71c9d6f7ef3a6159a
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:44Z/
url https://github.com/TYPO3/typo3/commit/56af2bd3a432156c30af9be71c9d6f7ef3a6159a
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36106
reference_id CVE-2022-36106
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36106
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36106.yaml
reference_id CVE-2022-36106.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36106.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36106.yaml
reference_id CVE-2022-36106.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36106.yaml
7
reference_url https://github.com/advisories/GHSA-5959-4x58-r8c2
reference_id GHSA-5959-4x58-r8c2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5959-4x58-r8c2
8
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2
reference_id GHSA-5959-4x58-r8c2
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:44Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-5959-4x58-r8c2
9
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-008
reference_id typo3-core-sa-2022-008
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:44Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-008
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
1
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases CVE-2022-36106, GHSA-5959-4x58-r8c2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6g94-zrcc-mqf2
5
url VCID-9ce2-hvqa-97c5
vulnerability_id VCID-9ce2-hvqa-97c5
summary TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31046
reference_id
reference_type
scores
0
value 0.00148
scoring_system epss
scoring_elements 0.35361
published_at 2026-06-13T12:55:00Z
1
value 0.00148
scoring_system epss
scoring_elements 0.35337
published_at 2026-06-12T12:55:00Z
2
value 0.00148
scoring_system epss
scoring_elements 0.35159
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31046
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9
reference_id 7447a3d1283017d2ee08737a7972c720001a93e9
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/
url https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31046
reference_id CVE-2022-31046
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31046
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31046.yaml
reference_id CVE-2022-31046.YAML
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31046.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31046.yaml
reference_id CVE-2022-31046.YAML
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31046.yaml
6
reference_url https://github.com/advisories/GHSA-8gmv-9hwg-w89g
reference_id GHSA-8gmv-9hwg-w89g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8gmv-9hwg-w89g
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g
reference_id GHSA-8gmv-9hwg-w89g
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-001
reference_id typo3-core-sa-2022-001
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:21Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-001
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.29
purl pkg:composer/typo3/cms-core@10.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-66qa-16we-wkdw
3
vulnerability VCID-6g94-zrcc-mqf2
4
vulnerability VCID-9f74-pxxq-3qea
5
vulnerability VCID-9fu7-2brx-j3az
6
vulnerability VCID-9kzb-yw93-rqd3
7
vulnerability VCID-9mh5-8n3y-93c8
8
vulnerability VCID-arjb-mbgt-97dh
9
vulnerability VCID-c34f-fptt-tfgt
10
vulnerability VCID-cmzk-5bm5-hbep
11
vulnerability VCID-d7rj-6q7r-dug5
12
vulnerability VCID-fajx-7vk2-yfd4
13
vulnerability VCID-g6wm-gjsy-7fdt
14
vulnerability VCID-humm-nga7-hbe4
15
vulnerability VCID-jtqp-g65r-93hs
16
vulnerability VCID-p2gb-esw8-3ya7
17
vulnerability VCID-qnk5-9jfz-5bhh
18
vulnerability VCID-rxu6-ccns-m3fk
19
vulnerability VCID-sq7n-ehxa-rbb9
20
vulnerability VCID-tyba-yxs8-7kgb
21
vulnerability VCID-u1bz-wj83-nbbt
22
vulnerability VCID-v1kq-a6wk-bka9
23
vulnerability VCID-vc1g-tqkt-w7gt
24
vulnerability VCID-ve54-aaqx-xkck
25
vulnerability VCID-wutq-k9ph-zyab
26
vulnerability VCID-x2ne-qxnz-rkem
27
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29
1
url pkg:composer/typo3/cms-core@11.5.11
purl pkg:composer/typo3/cms-core@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-66qa-16we-wkdw
3
vulnerability VCID-6g94-zrcc-mqf2
4
vulnerability VCID-9f74-pxxq-3qea
5
vulnerability VCID-9fu7-2brx-j3az
6
vulnerability VCID-9kzb-yw93-rqd3
7
vulnerability VCID-9mh5-8n3y-93c8
8
vulnerability VCID-arjb-mbgt-97dh
9
vulnerability VCID-c34f-fptt-tfgt
10
vulnerability VCID-cmzk-5bm5-hbep
11
vulnerability VCID-d7rj-6q7r-dug5
12
vulnerability VCID-fajx-7vk2-yfd4
13
vulnerability VCID-g6wm-gjsy-7fdt
14
vulnerability VCID-humm-nga7-hbe4
15
vulnerability VCID-jtqp-g65r-93hs
16
vulnerability VCID-p2gb-esw8-3ya7
17
vulnerability VCID-qnk5-9jfz-5bhh
18
vulnerability VCID-ra2c-x1g8-tyhy
19
vulnerability VCID-rxu6-ccns-m3fk
20
vulnerability VCID-sq7n-ehxa-rbb9
21
vulnerability VCID-tyba-yxs8-7kgb
22
vulnerability VCID-u1bz-wj83-nbbt
23
vulnerability VCID-v1kq-a6wk-bka9
24
vulnerability VCID-vc1g-tqkt-w7gt
25
vulnerability VCID-ve54-aaqx-xkck
26
vulnerability VCID-wutq-k9ph-zyab
27
vulnerability VCID-x2ne-qxnz-rkem
28
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11
aliases CVE-2022-31046, GHSA-8gmv-9hwg-w89g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ce2-hvqa-97c5
6
url VCID-9f74-pxxq-3qea
vulnerability_id VCID-9f74-pxxq-3qea
summary TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the `ShowImageController` (`_eID tx_cms_showpic_`) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34357
reference_id
reference_type
scores
0
value 0.00634
scoring_system epss
scoring_elements 0.7097
published_at 2026-06-13T12:55:00Z
1
value 0.00634
scoring_system epss
scoring_elements 0.70866
published_at 2026-06-11T12:55:00Z
2
value 0.00634
scoring_system epss
scoring_elements 0.70957
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34357
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7
reference_id 376474904f6b9a54dc1b785a2e45277cbd13b0d7
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/
url https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7
3
reference_url https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee
reference_id b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/
url https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34357
reference_id CVE-2024-34357
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34357
5
reference_url https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1
reference_id d774642381354d3bf5095a5a26e18acd2767f0b1
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/
url https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1
6
reference_url https://github.com/advisories/GHSA-hw6c-6gwq-3m3m
reference_id GHSA-hw6c-6gwq-3m3m
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hw6c-6gwq-3m3m
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m
reference_id GHSA-hw6c-6gwq-3m3m
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-009
reference_id typo3-core-sa-2024-009
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/
url https://typo3.org/security/advisory/typo3-core-sa-2024-009
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.45
purl pkg:composer/typo3/cms-core@10.4.45
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.45
1
url pkg:composer/typo3/cms-core@11.5.37
purl pkg:composer/typo3/cms-core@11.5.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9mh5-8n3y-93c8
2
vulnerability VCID-arjb-mbgt-97dh
3
vulnerability VCID-qnk5-9jfz-5bhh
4
vulnerability VCID-u1bz-wj83-nbbt
5
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.37
2
url pkg:composer/typo3/cms-core@12.4.15
purl pkg:composer/typo3/cms-core@12.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9mh5-8n3y-93c8
2
vulnerability VCID-ant9-spg8-1ug5
3
vulnerability VCID-arjb-mbgt-97dh
4
vulnerability VCID-qnk5-9jfz-5bhh
5
vulnerability VCID-u1bz-wj83-nbbt
6
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.15
3
url pkg:composer/typo3/cms-core@13.1.1
purl pkg:composer/typo3/cms-core@13.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9mh5-8n3y-93c8
2
vulnerability VCID-ant9-spg8-1ug5
3
vulnerability VCID-arjb-mbgt-97dh
4
vulnerability VCID-qnk5-9jfz-5bhh
5
vulnerability VCID-u1bz-wj83-nbbt
6
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.1.1
aliases CVE-2024-34357, GHSA-hw6c-6gwq-3m3m
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9f74-pxxq-3qea
7
url VCID-9fu7-2brx-j3az
vulnerability_id VCID-9fu7-2brx-j3az
summary TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the `ShowImageController` (`_eID tx_cms_showpic_`) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34358
reference_id
reference_type
scores
0
value 0.0005
scoring_system epss
scoring_elements 0.16202
published_at 2026-06-13T12:55:00Z
1
value 0.0005
scoring_system epss
scoring_elements 0.16051
published_at 2026-06-11T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.16193
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34358
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14
reference_id 05c95fed869a1a6dcca06c7077b83b6ea866ff14
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/
url https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14
3
reference_url https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5
reference_id 1e70ebf736935413b0531004839362b4fb0755a5
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/
url https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34358
reference_id CVE-2024-34358
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34358
5
reference_url https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142
reference_id df7909b6a1cf0f12a42994d0cc3376b607746142
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/
url https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142
6
reference_url https://github.com/advisories/GHSA-36g8-62qv-5957
reference_id GHSA-36g8-62qv-5957
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-36g8-62qv-5957
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957
reference_id GHSA-36g8-62qv-5957
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-010
reference_id typo3-core-sa-2024-010
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/
url https://typo3.org/security/advisory/typo3-core-sa-2024-010
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.45
purl pkg:composer/typo3/cms-core@10.4.45
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.45
1
url pkg:composer/typo3/cms-core@11.5.37
purl pkg:composer/typo3/cms-core@11.5.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9mh5-8n3y-93c8
2
vulnerability VCID-arjb-mbgt-97dh
3
vulnerability VCID-qnk5-9jfz-5bhh
4
vulnerability VCID-u1bz-wj83-nbbt
5
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.37
2
url pkg:composer/typo3/cms-core@12.4.15
purl pkg:composer/typo3/cms-core@12.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9mh5-8n3y-93c8
2
vulnerability VCID-ant9-spg8-1ug5
3
vulnerability VCID-arjb-mbgt-97dh
4
vulnerability VCID-qnk5-9jfz-5bhh
5
vulnerability VCID-u1bz-wj83-nbbt
6
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.15
3
url pkg:composer/typo3/cms-core@13.1.1
purl pkg:composer/typo3/cms-core@13.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9mh5-8n3y-93c8
2
vulnerability VCID-ant9-spg8-1ug5
3
vulnerability VCID-arjb-mbgt-97dh
4
vulnerability VCID-qnk5-9jfz-5bhh
5
vulnerability VCID-u1bz-wj83-nbbt
6
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.1.1
aliases CVE-2024-34358, GHSA-36g8-62qv-5957
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9fu7-2brx-j3az
8
url VCID-9kzb-yw93-rqd3
vulnerability_id VCID-9kzb-yw93-rqd3
summary TYPO3 is an open source PHP based web content management system. In versions prior to 9.5.38, 10.4.33, 11.5.20, and 12.1.1, requesting invalid or non-existing resources via HTTP triggers the page error handler, which again could retrieve content to be shown as an error message from another page. This leads to a scenario in which the application is calling itself recursively - amplifying the impact of the initial attack until the limits of the web server are exceeded. This vulnerability is very similar, but not identical, to the one described in CVE-2021-21359. This issue is patched in versions 9.5.38 ELTS, 10.4.33, 11.5.20 or 12.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23500
reference_id
reference_type
scores
0
value 0.00433
scoring_system epss
scoring_elements 0.633
published_at 2026-06-12T12:55:00Z
1
value 0.00433
scoring_system epss
scoring_elements 0.63312
published_at 2026-06-13T12:55:00Z
2
value 0.00433
scoring_system epss
scoring_elements 0.63198
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23500
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23500.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23500.yaml
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url https://github.com/TYPO3/typo3/commit/1e5f44417f031c9c5a9f9d09a6a841cf89aa7b7a
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/1e5f44417f031c9c5a9f9d09a6a841cf89aa7b7a
4
reference_url https://github.com/TYPO3/typo3/commit/73b46b6a627093112cfca4b895a198ca5e1970b7
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/73b46b6a627093112cfca4b895a198ca5e1970b7
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23500
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23500
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-012
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-012
7
reference_url https://github.com/advisories/GHSA-8c28-5mp7-v24h
reference_id GHSA-8c28-5mp7-v24h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8c28-5mp7-v24h
8
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h
reference_id GHSA-8c28-5mp7-v24h
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T14:53:56Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-8c28-5mp7-v24h
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.33
purl pkg:composer/typo3/cms-core@10.4.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-p2gb-esw8-3ya7
8
vulnerability VCID-qnk5-9jfz-5bhh
9
vulnerability VCID-rxu6-ccns-m3fk
10
vulnerability VCID-sq7n-ehxa-rbb9
11
vulnerability VCID-u1bz-wj83-nbbt
12
vulnerability VCID-vc1g-tqkt-w7gt
13
vulnerability VCID-ve54-aaqx-xkck
14
vulnerability VCID-wutq-k9ph-zyab
15
vulnerability VCID-x2ne-qxnz-rkem
16
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.33
1
url pkg:composer/typo3/cms-core@11.5.20
purl pkg:composer/typo3/cms-core@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-p2gb-esw8-3ya7
8
vulnerability VCID-qnk5-9jfz-5bhh
9
vulnerability VCID-rxu6-ccns-m3fk
10
vulnerability VCID-sq7n-ehxa-rbb9
11
vulnerability VCID-u1bz-wj83-nbbt
12
vulnerability VCID-vc1g-tqkt-w7gt
13
vulnerability VCID-ve54-aaqx-xkck
14
vulnerability VCID-wutq-k9ph-zyab
15
vulnerability VCID-x2ne-qxnz-rkem
16
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.20
aliases CVE-2022-23500, GHSA-8c28-5mp7-v24h, GMS-2022-8130
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kzb-yw93-rqd3
9
url VCID-9mh5-8n3y-93c8
vulnerability_id VCID-9mh5-8n3y-93c8
summary TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the first table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47937
reference_id
reference_type
scores
0
value 0.00201
scoring_system epss
scoring_elements 0.4238
published_at 2026-06-13T12:55:00Z
1
value 0.00201
scoring_system epss
scoring_elements 0.42358
published_at 2026-06-12T12:55:00Z
2
value 0.00201
scoring_system epss
scoring_elements 0.42193
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47937
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47937
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47937
3
reference_url https://github.com/advisories/GHSA-x8pv-fgxp-8v3x
reference_id GHSA-x8pv-fgxp-8v3x
reference_type
scores
url https://github.com/advisories/GHSA-x8pv-fgxp-8v3x
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-x8pv-fgxp-8v3x
reference_id GHSA-x8pv-fgxp-8v3x
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T13:57:34Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-x8pv-fgxp-8v3x
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2025-011
reference_id typo3-core-sa-2025-011
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T13:57:34Z/
url https://typo3.org/security/advisory/typo3-core-sa-2025-011
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.50
purl pkg:composer/typo3/cms-core@10.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.50
1
url pkg:composer/typo3/cms-core@11.5.44
purl pkg:composer/typo3/cms-core@11.5.44
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.44
2
url pkg:composer/typo3/cms-core@12.4.31
purl pkg:composer/typo3/cms-core@12.4.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ant9-spg8-1ug5
1
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.31
3
url pkg:composer/typo3/cms-core@13.4.12
purl pkg:composer/typo3/cms-core@13.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ant9-spg8-1ug5
1
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.12
aliases CVE-2025-47937, GHSA-x8pv-fgxp-8v3x
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mh5-8n3y-93c8
10
url VCID-arjb-mbgt-97dh
vulnerability_id VCID-arjb-mbgt-97dh
summary TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47940
reference_id
reference_type
scores
0
value 0.00316
scoring_system epss
scoring_elements 0.55156
published_at 2026-06-11T12:55:00Z
1
value 0.00316
scoring_system epss
scoring_elements 0.55293
published_at 2026-06-13T12:55:00Z
2
value 0.00316
scoring_system epss
scoring_elements 0.55277
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47940
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://github.com/TYPO3-CMS/core/commit/a659cc8c0ae05c44dd7f01d13629cdd2d0b7219b
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/a659cc8c0ae05c44dd7f01d13629cdd2d0b7219b
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47940
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47940
4
reference_url https://github.com/advisories/GHSA-6frx-j292-c844
reference_id GHSA-6frx-j292-c844
reference_type
scores
url https://github.com/advisories/GHSA-6frx-j292-c844
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844
reference_id GHSA-6frx-j292-c844
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T14:35:19Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2025-016
reference_id typo3-core-sa-2025-016
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T14:35:19Z/
url https://typo3.org/security/advisory/typo3-core-sa-2025-016
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.50
purl pkg:composer/typo3/cms-core@10.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.50
1
url pkg:composer/typo3/cms-core@11.5.44
purl pkg:composer/typo3/cms-core@11.5.44
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.44
2
url pkg:composer/typo3/cms-core@12.4.31
purl pkg:composer/typo3/cms-core@12.4.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ant9-spg8-1ug5
1
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.31
3
url pkg:composer/typo3/cms-core@13.4.12
purl pkg:composer/typo3/cms-core@13.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ant9-spg8-1ug5
1
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.12
aliases CVE-2025-47940, GHSA-6frx-j292-c844
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arjb-mbgt-97dh
11
url VCID-c34f-fptt-tfgt
vulnerability_id VCID-c34f-fptt-tfgt
summary TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
references
0
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
1
reference_url https://github.com/TYPO3/typo3/commit/d4f260570abd934fcf3819370a135bef33d729b7
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d4f260570abd934fcf3819370a135bef33d729b7
2
reference_url https://github.com/advisories/GHSA-gqqf-g5r7-84vf
reference_id GHSA-gqqf-g5r7-84vf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gqqf-g5r7-84vf
3
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf
reference_id GHSA-gqqf-g5r7-84vf
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-gqqf-g5r7-84vf
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
1
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases GHSA-gqqf-g5r7-84vf, GMS-2022-4096
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c34f-fptt-tfgt
12
url VCID-cmzk-5bm5-hbep
vulnerability_id VCID-cmzk-5bm5-hbep
summary The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. Due to a parsing issue in the upstream package `masterminds/html5`, malicious markup used in a sequence with special HTML comments cannot be filtered and sanitized. This allows for a bypass of the cross-site scripting mechanism of `typo3/html-sanitizer`. This issue has been addressed in versions 1.0.7 and 2.0.16 of the `typo3/html-sanitizer` package. Users are advised to upgrade. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36020
reference_id
reference_type
scores
0
value 0.00318
scoring_system epss
scoring_elements 0.55392
published_at 2026-06-12T12:55:00Z
1
value 0.00318
scoring_system epss
scoring_elements 0.55408
published_at 2026-06-13T12:55:00Z
2
value 0.00318
scoring_system epss
scoring_elements 0.5527
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36020
1
reference_url https://github.com/TYPO3/html-sanitizer
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/html-sanitizer
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-011
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-011
3
reference_url https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493
reference_id 60bfdc7f9b394d0236e16ee4cea8372a7defa493
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://github.com/TYPO3/html-sanitizer/commit/60bfdc7f9b394d0236e16ee4cea8372a7defa493
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36020
reference_id CVE-2022-36020
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36020
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36020.yaml
reference_id CVE-2022-36020.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36020.yaml
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36020.yaml
reference_id CVE-2022-36020.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36020.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/html-sanitizer/CVE-2022-36020.yaml
reference_id CVE-2022-36020.YAML
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/html-sanitizer/CVE-2022-36020.yaml
8
reference_url https://github.com/advisories/GHSA-47m6-46mj-p235
reference_id GHSA-47m6-46mj-p235
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-47m6-46mj-p235
9
reference_url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235
reference_id GHSA-47m6-46mj-p235
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://github.com/TYPO3/html-sanitizer/security/advisories/GHSA-47m6-46mj-p235
10
reference_url https://packagist.org/packages/masterminds/html5
reference_id html5
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://packagist.org/packages/masterminds/html5
11
reference_url https://packagist.org/packages/typo3/html-sanitizer
reference_id html-sanitizer
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:00:57Z/
url https://packagist.org/packages/typo3/html-sanitizer
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
1
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases CVE-2022-36020, GHSA-47m6-46mj-p235
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cmzk-5bm5-hbep
13
url VCID-d7rj-6q7r-dug5
vulnerability_id VCID-d7rj-6q7r-dug5
summary TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.7231
published_at 2026-06-13T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.72214
published_at 2026-06-11T12:55:00Z
2
value 0.00687
scoring_system epss
scoring_elements 0.72297
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
3
reference_url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-009
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-009
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
reference_id CVE-2022-36107
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
6
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
reference_id CVE-2022-36107.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
7
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
reference_id CVE-2022-36107.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
8
reference_url https://github.com/advisories/GHSA-9c6w-55cp-5w25
reference_id GHSA-9c6w-55cp-5w25
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c6w-55cp-5w25
9
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
reference_id GHSA-9c6w-55cp-5w25
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
1
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases CVE-2022-36107, GHSA-9c6w-55cp-5w25
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d7rj-6q7r-dug5
14
url VCID-fajx-7vk2-yfd4
vulnerability_id VCID-fajx-7vk2-yfd4
summary TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement new `MimicServiceInterface::mimicAuthUser`, which simulates corresponding times regular processing would usually take. Update to TYPO3 version 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix this problem. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.52034
published_at 2026-06-11T12:55:00Z
1
value 0.00283
scoring_system epss
scoring_elements 0.52176
published_at 2026-06-13T12:55:00Z
2
value 0.00283
scoring_system epss
scoring_elements 0.52164
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
reference_id CVE-2022-36105
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
reference_id CVE-2022-36105.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
reference_id CVE-2022-36105.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
6
reference_url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
reference_id f8b83ce15d4ea275a5a5e564e5d324242f7937b6
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
7
reference_url https://github.com/advisories/GHSA-m392-235j-9r7r
reference_id GHSA-m392-235j-9r7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m392-235j-9r7r
8
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
reference_id GHSA-m392-235j-9r7r
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
9
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-007
reference_id typo3-core-sa-2022-007
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-007
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.32
purl pkg:composer/typo3/cms-core@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.32
1
url pkg:composer/typo3/cms-core@11.5.16
purl pkg:composer/typo3/cms-core@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-9f74-pxxq-3qea
3
vulnerability VCID-9fu7-2brx-j3az
4
vulnerability VCID-9kzb-yw93-rqd3
5
vulnerability VCID-9mh5-8n3y-93c8
6
vulnerability VCID-arjb-mbgt-97dh
7
vulnerability VCID-g6wm-gjsy-7fdt
8
vulnerability VCID-humm-nga7-hbe4
9
vulnerability VCID-jtqp-g65r-93hs
10
vulnerability VCID-p2gb-esw8-3ya7
11
vulnerability VCID-qnk5-9jfz-5bhh
12
vulnerability VCID-rxu6-ccns-m3fk
13
vulnerability VCID-sq7n-ehxa-rbb9
14
vulnerability VCID-tyba-yxs8-7kgb
15
vulnerability VCID-u1bz-wj83-nbbt
16
vulnerability VCID-v1kq-a6wk-bka9
17
vulnerability VCID-vc1g-tqkt-w7gt
18
vulnerability VCID-ve54-aaqx-xkck
19
vulnerability VCID-wutq-k9ph-zyab
20
vulnerability VCID-x2ne-qxnz-rkem
21
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.16
aliases CVE-2022-36105, GHSA-m392-235j-9r7r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fajx-7vk2-yfd4
15
url VCID-g6wm-gjsy-7fdt
vulnerability_id VCID-g6wm-gjsy-7fdt
summary TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25120
reference_id
reference_type
scores
0
value 0.00188
scoring_system epss
scoring_elements 0.40538
published_at 2026-06-11T12:55:00Z
1
value 0.00188
scoring_system epss
scoring_elements 0.4073
published_at 2026-06-13T12:55:00Z
2
value 0.00188
scoring_system epss
scoring_elements 0.40706
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25120
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/2de87ff113ba24333ab7cbb8078588743f8958d6
3
reference_url https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/33f4d279b82bca0a509227a17065244c6156e68f
4
reference_url https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/ae0dfc4c058a90c10eedb3f49cfaf33164d21cdd
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25120
reference_id CVE-2024-25120
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25120
6
reference_url https://github.com/advisories/GHSA-wf85-8hx9-gj7c
reference_id GHSA-wf85-8hx9-gj7c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wf85-8hx9-gj7c
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c
reference_id GHSA-wf85-8hx9-gj7c
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-14T15:55:10Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-005
reference_id typo3-core-sa-2024-005
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-14T15:55:10Z/
url https://typo3.org/security/advisory/typo3-core-sa-2024-005
9
reference_url https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references
reference_id Typolink.html#resource-references
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-14T15:55:10Z/
url https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.43
purl pkg:composer/typo3/cms-core@10.4.43
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43
1
url pkg:composer/typo3/cms-core@11.5.35
purl pkg:composer/typo3/cms-core@11.5.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-qnk5-9jfz-5bhh
6
vulnerability VCID-rxu6-ccns-m3fk
7
vulnerability VCID-u1bz-wj83-nbbt
8
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35
2
url pkg:composer/typo3/cms-core@12.4.11
purl pkg:composer/typo3/cms-core@12.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-qnk5-9jfz-5bhh
7
vulnerability VCID-rxu6-ccns-m3fk
8
vulnerability VCID-u1bz-wj83-nbbt
9
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11
3
url pkg:composer/typo3/cms-core@13.0.1
purl pkg:composer/typo3/cms-core@13.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-fn5d-fhbq-yyhv
7
vulnerability VCID-qnk5-9jfz-5bhh
8
vulnerability VCID-rxu6-ccns-m3fk
9
vulnerability VCID-u1bz-wj83-nbbt
10
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1
aliases CVE-2024-25120, GHSA-wf85-8hx9-gj7c
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g6wm-gjsy-7fdt
16
url VCID-humm-nga7-hbe4
vulnerability_id VCID-humm-nga7-hbe4
summary TYPO3 is an open source PHP based web content management system. In versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 TYPO3 is vulnerable to Improper Authentication. Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23501
reference_id
reference_type
scores
0
value 0.00198
scoring_system epss
scoring_elements 0.41942
published_at 2026-06-13T12:55:00Z
1
value 0.00198
scoring_system epss
scoring_elements 0.41758
published_at 2026-06-11T12:55:00Z
2
value 0.00198
scoring_system epss
scoring_elements 0.41924
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23501
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23501
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23501
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-013
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-013
7
reference_url https://github.com/advisories/GHSA-jfp7-79g7-89rf
reference_id GHSA-jfp7-79g7-89rf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfp7-79g7-89rf
8
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
reference_id GHSA-jfp7-79g7-89rf
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T18:48:00Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.33
purl pkg:composer/typo3/cms-core@10.4.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-p2gb-esw8-3ya7
8
vulnerability VCID-qnk5-9jfz-5bhh
9
vulnerability VCID-rxu6-ccns-m3fk
10
vulnerability VCID-sq7n-ehxa-rbb9
11
vulnerability VCID-u1bz-wj83-nbbt
12
vulnerability VCID-vc1g-tqkt-w7gt
13
vulnerability VCID-ve54-aaqx-xkck
14
vulnerability VCID-wutq-k9ph-zyab
15
vulnerability VCID-x2ne-qxnz-rkem
16
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.33
1
url pkg:composer/typo3/cms-core@11.5.20
purl pkg:composer/typo3/cms-core@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-p2gb-esw8-3ya7
8
vulnerability VCID-qnk5-9jfz-5bhh
9
vulnerability VCID-rxu6-ccns-m3fk
10
vulnerability VCID-sq7n-ehxa-rbb9
11
vulnerability VCID-u1bz-wj83-nbbt
12
vulnerability VCID-vc1g-tqkt-w7gt
13
vulnerability VCID-ve54-aaqx-xkck
14
vulnerability VCID-wutq-k9ph-zyab
15
vulnerability VCID-x2ne-qxnz-rkem
16
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.20
2
url pkg:composer/typo3/cms-core@12.1.1
purl pkg:composer/typo3/cms-core@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-g6wm-gjsy-7fdt
7
vulnerability VCID-jtqp-g65r-93hs
8
vulnerability VCID-p2gb-esw8-3ya7
9
vulnerability VCID-qnk5-9jfz-5bhh
10
vulnerability VCID-rxu6-ccns-m3fk
11
vulnerability VCID-sq7n-ehxa-rbb9
12
vulnerability VCID-u1bz-wj83-nbbt
13
vulnerability VCID-vc1g-tqkt-w7gt
14
vulnerability VCID-ve54-aaqx-xkck
15
vulnerability VCID-wutq-k9ph-zyab
16
vulnerability VCID-x2ne-qxnz-rkem
17
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.1.1
aliases CVE-2022-23501, GHSA-jfp7-79g7-89rf, GMS-2022-8134
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-humm-nga7-hbe4
17
url VCID-jtqp-g65r-93hs
vulnerability_id VCID-jtqp-g65r-93hs
summary TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-38499
reference_id
reference_type
scores
0
value 0.02247
scoring_system epss
scoring_elements 0.85
published_at 2026-06-13T12:55:00Z
1
value 0.02247
scoring_system epss
scoring_elements 0.84938
published_at 2026-06-11T12:55:00Z
2
value 0.02247
scoring_system epss
scoring_elements 0.84991
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-38499
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-38499
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-38499
3
reference_url https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a
reference_id 702e2debd4b28f9cdb540544565fe6a8627ccb6a
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:16:37Z/
url https://github.com/TYPO3/typo3/commit/702e2debd4b28f9cdb540544565fe6a8627ccb6a
4
reference_url https://github.com/advisories/GHSA-jq6g-4v5m-wm9r
reference_id GHSA-jq6g-4v5m-wm9r
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jq6g-4v5m-wm9r
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r
reference_id GHSA-jq6g-4v5m-wm9r
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:16:37Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-jq6g-4v5m-wm9r
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2023-003
reference_id typo3-core-sa-2023-003
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T18:16:37Z/
url https://typo3.org/security/advisory/typo3-core-sa-2023-003
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.39
purl pkg:composer/typo3/cms-core@10.4.39
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.39
1
url pkg:composer/typo3/cms-core@11.5.30
purl pkg:composer/typo3/cms-core@11.5.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-qnk5-9jfz-5bhh
7
vulnerability VCID-rxu6-ccns-m3fk
8
vulnerability VCID-sq7n-ehxa-rbb9
9
vulnerability VCID-u1bz-wj83-nbbt
10
vulnerability VCID-vc1g-tqkt-w7gt
11
vulnerability VCID-ve54-aaqx-xkck
12
vulnerability VCID-wutq-k9ph-zyab
13
vulnerability VCID-x2ne-qxnz-rkem
14
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.30
2
url pkg:composer/typo3/cms-core@12.4.4
purl pkg:composer/typo3/cms-core@12.4.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-g6wm-gjsy-7fdt
7
vulnerability VCID-qnk5-9jfz-5bhh
8
vulnerability VCID-rxu6-ccns-m3fk
9
vulnerability VCID-sq7n-ehxa-rbb9
10
vulnerability VCID-u1bz-wj83-nbbt
11
vulnerability VCID-vc1g-tqkt-w7gt
12
vulnerability VCID-ve54-aaqx-xkck
13
vulnerability VCID-wutq-k9ph-zyab
14
vulnerability VCID-x2ne-qxnz-rkem
15
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.4
aliases CVE-2023-38499, GHSA-jq6g-4v5m-wm9r
risk_score 1.6
exploitability 0.5
weighted_severity 3.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jtqp-g65r-93hs
18
url VCID-p2gb-esw8-3ya7
vulnerability_id VCID-p2gb-esw8-3ya7
summary TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. In affected versions the TYPO3 core component `GeneralUtility::getIndpEnv()` uses the unfiltered server environment variable `PATH_INFO`, which allows attackers to inject malicious content. In combination with the TypoScript setting `config.absRefPrefix=auto`, attackers can inject malicious HTML code to pages that have not been rendered and cached, yet. As a result, injected values would be cached and delivered to other website visitors (persisted cross-site scripting). Individual code which relies on the resolved value of `GeneralUtility::getIndpEnv('SCRIPT_NAME')` and corresponding usages (as shown below) are vulnerable as well. Additional investigations confirmed that at least Apache web server deployments using CGI (FPM, FCGI/FastCGI, and similar) are affected. However, there still might be the risk that other scenarios like nginx, IIS, or Apache/mod_php are vulnerable. The usage of server environment variable `PATH_INFO` has been removed from corresponding processings in `GeneralUtility::getIndpEnv()`. Besides that, the public property `TypoScriptFrontendController::$absRefPrefix` is encoded for both being used as a URI component and for being used as a prefix in an HTML context. This mitigates the cross-site scripting vulnerability. Users are advised to update to TYPO3 versions 8.7.51 ELTS, 9.5.40 ELTS, 10.4.35 LTS, 11.5.23 LTS and 12.2.0 which fix this problem. For users who are unable to patch in a timely manner the TypoScript setting `config.absRefPrefix` should at least be set to a static path value, instead of using auto - e.g. `config.absRefPrefix=/`. This workaround **does not fix all aspects of the vulnerability**, and is just considered to be an intermediate mitigation to the most prominent manifestation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-24814
reference_id
reference_type
scores
0
value 0.00867
scoring_system epss
scoring_elements 0.7568
published_at 2026-06-13T12:55:00Z
1
value 0.00867
scoring_system epss
scoring_elements 0.75597
published_at 2026-06-11T12:55:00Z
2
value 0.00867
scoring_system epss
scoring_elements 0.75667
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-24814
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2023-24814.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2023-24814.yaml
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-24814
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-24814
4
reference_url https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a
reference_id 0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://github.com/TYPO3/typo3/commit/0005a6fd86ab97eff8bf2e3a5828bf0e7cb6263a
5
reference_url https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484
reference_id GeneralUtility.php#L2481-L2484
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/core/Classes/Utility/GeneralUtility.php#L2481-L2484
6
reference_url https://github.com/advisories/GHSA-r4f8-f93x-5qh3
reference_id GHSA-r4f8-f93x-5qh3
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r4f8-f93x-5qh3
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3
reference_id GHSA-r4f8-f93x-5qh3
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-r4f8-f93x-5qh3
8
reference_url https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix
reference_id Index.html#absrefprefix
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Setup/Config/Index.html#absrefprefix
9
reference_url https://typo3.org/security/advisory/typo3-core-sa-2023-001
reference_id typo3-core-sa-2023-001
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://typo3.org/security/advisory/typo3-core-sa-2023-001
10
reference_url https://typo3.org/security/advisory/typo3-psa-2023-001
reference_id typo3-psa-2023-001
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://typo3.org/security/advisory/typo3-psa-2023-001
11
reference_url https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549
reference_id TypoScriptFrontendController.php#L2547-L2549
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:14Z/
url https://github.com/TYPO3/typo3/blob/v11.5.22/typo3/sysext/frontend/Classes/Controller/TypoScriptFrontendController.php#L2547-L2549
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.36
purl pkg:composer/typo3/cms-core@10.4.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-qnk5-9jfz-5bhh
8
vulnerability VCID-rxu6-ccns-m3fk
9
vulnerability VCID-sq7n-ehxa-rbb9
10
vulnerability VCID-u1bz-wj83-nbbt
11
vulnerability VCID-vc1g-tqkt-w7gt
12
vulnerability VCID-ve54-aaqx-xkck
13
vulnerability VCID-wutq-k9ph-zyab
14
vulnerability VCID-x2ne-qxnz-rkem
15
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.36
1
url pkg:composer/typo3/cms-core@11.5.23
purl pkg:composer/typo3/cms-core@11.5.23
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-qnk5-9jfz-5bhh
8
vulnerability VCID-rxu6-ccns-m3fk
9
vulnerability VCID-sq7n-ehxa-rbb9
10
vulnerability VCID-u1bz-wj83-nbbt
11
vulnerability VCID-vc1g-tqkt-w7gt
12
vulnerability VCID-ve54-aaqx-xkck
13
vulnerability VCID-wutq-k9ph-zyab
14
vulnerability VCID-x2ne-qxnz-rkem
15
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.23
2
url pkg:composer/typo3/cms-core@12.2.0
purl pkg:composer/typo3/cms-core@12.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-g6wm-gjsy-7fdt
7
vulnerability VCID-jtqp-g65r-93hs
8
vulnerability VCID-qnk5-9jfz-5bhh
9
vulnerability VCID-rxu6-ccns-m3fk
10
vulnerability VCID-sq7n-ehxa-rbb9
11
vulnerability VCID-u1bz-wj83-nbbt
12
vulnerability VCID-vc1g-tqkt-w7gt
13
vulnerability VCID-ve54-aaqx-xkck
14
vulnerability VCID-wutq-k9ph-zyab
15
vulnerability VCID-x2ne-qxnz-rkem
16
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.2.0
aliases CVE-2023-24814, GHSA-r4f8-f93x-5qh3
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2gb-esw8-3ya7
19
url VCID-qnk5-9jfz-5bhh
vulnerability_id VCID-qnk5-9jfz-5bhh
summary TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-55892
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48868
published_at 2026-06-11T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.49022
published_at 2026-06-13T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.49004
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-55892
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/a4abf48d254685f43383e6e7f80d48aebaea56af
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a4abf48d254685f43383e6e7f80d48aebaea56af
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-55892
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-55892
4
reference_url https://github.com/advisories/GHSA-2fx5-pggv-6jjr
reference_id GHSA-2fx5-pggv-6jjr
reference_type
scores
url https://github.com/advisories/GHSA-2fx5-pggv-6jjr
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr
reference_id GHSA-2fx5-pggv-6jjr
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:12:41Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2025-002
reference_id typo3-core-sa-2025-002
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:12:41Z/
url https://typo3.org/security/advisory/typo3-core-sa-2025-002
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.48
purl pkg:composer/typo3/cms-core@10.4.48
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.48
1
url pkg:composer/typo3/cms-core@11.5.42
purl pkg:composer/typo3/cms-core@11.5.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.42
2
url pkg:composer/typo3/cms-core@12.4.25
purl pkg:composer/typo3/cms-core@12.4.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9mh5-8n3y-93c8
2
vulnerability VCID-ant9-spg8-1ug5
3
vulnerability VCID-arjb-mbgt-97dh
4
vulnerability VCID-u1bz-wj83-nbbt
5
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.25
3
url pkg:composer/typo3/cms-core@13.4.3
purl pkg:composer/typo3/cms-core@13.4.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9mh5-8n3y-93c8
2
vulnerability VCID-ant9-spg8-1ug5
3
vulnerability VCID-arjb-mbgt-97dh
4
vulnerability VCID-u1bz-wj83-nbbt
5
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.3
aliases CVE-2024-55892, GHSA-2fx5-pggv-6jjr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnk5-9jfz-5bhh
20
url VCID-rmxx-e239-5uf8
vulnerability_id VCID-rmxx-e239-5uf8
summary TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31048
reference_id
reference_type
scores
0
value 0.0063
scoring_system epss
scoring_elements 0.70778
published_at 2026-06-11T12:55:00Z
1
value 0.0063
scoring_system epss
scoring_elements 0.70881
published_at 2026-06-13T12:55:00Z
2
value 0.0063
scoring_system epss
scoring_elements 0.70869
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31048
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0
reference_id 6f2554dc4ea0b670fd5599c54fd788d4db96c4a0
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:16Z/
url https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31048
reference_id CVE-2022-31048
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31048
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31048.yaml
reference_id CVE-2022-31048.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-31048.yaml
5
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31048.yaml
reference_id CVE-2022-31048.YAML
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31048.yaml
6
reference_url https://github.com/advisories/GHSA-3r95-23jp-mhvg
reference_id GHSA-3r95-23jp-mhvg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3r95-23jp-mhvg
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg
reference_id GHSA-3r95-23jp-mhvg
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:16Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-003
reference_id typo3-core-sa-2022-003
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:16Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-003
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.29
purl pkg:composer/typo3/cms-core@10.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-66qa-16we-wkdw
3
vulnerability VCID-6g94-zrcc-mqf2
4
vulnerability VCID-9f74-pxxq-3qea
5
vulnerability VCID-9fu7-2brx-j3az
6
vulnerability VCID-9kzb-yw93-rqd3
7
vulnerability VCID-9mh5-8n3y-93c8
8
vulnerability VCID-arjb-mbgt-97dh
9
vulnerability VCID-c34f-fptt-tfgt
10
vulnerability VCID-cmzk-5bm5-hbep
11
vulnerability VCID-d7rj-6q7r-dug5
12
vulnerability VCID-fajx-7vk2-yfd4
13
vulnerability VCID-g6wm-gjsy-7fdt
14
vulnerability VCID-humm-nga7-hbe4
15
vulnerability VCID-jtqp-g65r-93hs
16
vulnerability VCID-p2gb-esw8-3ya7
17
vulnerability VCID-qnk5-9jfz-5bhh
18
vulnerability VCID-rxu6-ccns-m3fk
19
vulnerability VCID-sq7n-ehxa-rbb9
20
vulnerability VCID-tyba-yxs8-7kgb
21
vulnerability VCID-u1bz-wj83-nbbt
22
vulnerability VCID-v1kq-a6wk-bka9
23
vulnerability VCID-vc1g-tqkt-w7gt
24
vulnerability VCID-ve54-aaqx-xkck
25
vulnerability VCID-wutq-k9ph-zyab
26
vulnerability VCID-x2ne-qxnz-rkem
27
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29
1
url pkg:composer/typo3/cms-core@11.5.11
purl pkg:composer/typo3/cms-core@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-66qa-16we-wkdw
3
vulnerability VCID-6g94-zrcc-mqf2
4
vulnerability VCID-9f74-pxxq-3qea
5
vulnerability VCID-9fu7-2brx-j3az
6
vulnerability VCID-9kzb-yw93-rqd3
7
vulnerability VCID-9mh5-8n3y-93c8
8
vulnerability VCID-arjb-mbgt-97dh
9
vulnerability VCID-c34f-fptt-tfgt
10
vulnerability VCID-cmzk-5bm5-hbep
11
vulnerability VCID-d7rj-6q7r-dug5
12
vulnerability VCID-fajx-7vk2-yfd4
13
vulnerability VCID-g6wm-gjsy-7fdt
14
vulnerability VCID-humm-nga7-hbe4
15
vulnerability VCID-jtqp-g65r-93hs
16
vulnerability VCID-p2gb-esw8-3ya7
17
vulnerability VCID-qnk5-9jfz-5bhh
18
vulnerability VCID-ra2c-x1g8-tyhy
19
vulnerability VCID-rxu6-ccns-m3fk
20
vulnerability VCID-sq7n-ehxa-rbb9
21
vulnerability VCID-tyba-yxs8-7kgb
22
vulnerability VCID-u1bz-wj83-nbbt
23
vulnerability VCID-v1kq-a6wk-bka9
24
vulnerability VCID-vc1g-tqkt-w7gt
25
vulnerability VCID-ve54-aaqx-xkck
26
vulnerability VCID-wutq-k9ph-zyab
27
vulnerability VCID-x2ne-qxnz-rkem
28
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11
aliases CVE-2022-31048, GHSA-3r95-23jp-mhvg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rmxx-e239-5uf8
21
url VCID-rxu6-ccns-m3fk
vulnerability_id VCID-rxu6-ccns-m3fk
summary TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-34356
reference_id
reference_type
scores
0
value 0.00634
scoring_system epss
scoring_elements 0.7097
published_at 2026-06-13T12:55:00Z
1
value 0.00634
scoring_system epss
scoring_elements 0.70866
published_at 2026-06-11T12:55:00Z
2
value 0.00634
scoring_system epss
scoring_elements 0.70957
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-34356
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156
reference_id 2832e2f51f929aeddb5de7d667538a33ceda8156
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/
url https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-34356
reference_id CVE-2024-34356
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-34356
4
reference_url https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5
reference_id d0393a879a32fb4e3569acad6bdb5cda776be1e5
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/
url https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5
5
reference_url https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64
reference_id e95a1224719efafb9cab2d85964f240fd0356e64
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/
url https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64
6
reference_url https://github.com/advisories/GHSA-v6mw-h7w6-59w3
reference_id GHSA-v6mw-h7w6-59w3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v6mw-h7w6-59w3
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3
reference_id GHSA-v6mw-h7w6-59w3
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-008
reference_id typo3-core-sa-2024-008
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/
url https://typo3.org/security/advisory/typo3-core-sa-2024-008
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.45
purl pkg:composer/typo3/cms-core@10.4.45
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.45
1
url pkg:composer/typo3/cms-core@11.5.37
purl pkg:composer/typo3/cms-core@11.5.37
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9mh5-8n3y-93c8
2
vulnerability VCID-arjb-mbgt-97dh
3
vulnerability VCID-qnk5-9jfz-5bhh
4
vulnerability VCID-u1bz-wj83-nbbt
5
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.37
2
url pkg:composer/typo3/cms-core@12.4.15
purl pkg:composer/typo3/cms-core@12.4.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9mh5-8n3y-93c8
2
vulnerability VCID-ant9-spg8-1ug5
3
vulnerability VCID-arjb-mbgt-97dh
4
vulnerability VCID-qnk5-9jfz-5bhh
5
vulnerability VCID-u1bz-wj83-nbbt
6
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.15
3
url pkg:composer/typo3/cms-core@13.1.1
purl pkg:composer/typo3/cms-core@13.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9mh5-8n3y-93c8
2
vulnerability VCID-ant9-spg8-1ug5
3
vulnerability VCID-arjb-mbgt-97dh
4
vulnerability VCID-qnk5-9jfz-5bhh
5
vulnerability VCID-u1bz-wj83-nbbt
6
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.1.1
aliases CVE-2024-34356, GHSA-v6mw-h7w6-59w3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxu6-ccns-m3fk
22
url VCID-sq7n-ehxa-rbb9
vulnerability_id VCID-sq7n-ehxa-rbb9
summary TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25118
reference_id
reference_type
scores
0
value 0.00508
scoring_system epss
scoring_elements 0.66765
published_at 2026-06-11T12:55:00Z
1
value 0.00508
scoring_system epss
scoring_elements 0.66871
published_at 2026-06-13T12:55:00Z
2
value 0.00508
scoring_system epss
scoring_elements 0.66857
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25118
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/1186b2fec8a665a8f228ed66e6d60abf8407c17b
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/1186b2fec8a665a8f228ed66e6d60abf8407c17b
3
reference_url https://github.com/TYPO3/typo3/commit/c7a135c25a14b852eebe4335f21ba3c606188f3a
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c7a135c25a14b852eebe4335f21ba3c606188f3a
4
reference_url https://github.com/TYPO3/typo3/commit/cafc5af7fdce7734e6c8f9ecf2efd17b246fc049
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/cafc5af7fdce7734e6c8f9ecf2efd17b246fc049
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25118
reference_id CVE-2024-25118
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25118
6
reference_url https://github.com/advisories/GHSA-38r2-5695-334w
reference_id GHSA-38r2-5695-334w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-38r2-5695-334w
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w
reference_id GHSA-38r2-5695-334w
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:58:02Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-003
reference_id typo3-core-sa-2024-003
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-22T17:58:02Z/
url https://typo3.org/security/advisory/typo3-core-sa-2024-003
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.43
purl pkg:composer/typo3/cms-core@10.4.43
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43
1
url pkg:composer/typo3/cms-core@11.5.35
purl pkg:composer/typo3/cms-core@11.5.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-qnk5-9jfz-5bhh
6
vulnerability VCID-rxu6-ccns-m3fk
7
vulnerability VCID-u1bz-wj83-nbbt
8
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35
2
url pkg:composer/typo3/cms-core@12.4.11
purl pkg:composer/typo3/cms-core@12.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-qnk5-9jfz-5bhh
7
vulnerability VCID-rxu6-ccns-m3fk
8
vulnerability VCID-u1bz-wj83-nbbt
9
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11
3
url pkg:composer/typo3/cms-core@13.0.1
purl pkg:composer/typo3/cms-core@13.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-fn5d-fhbq-yyhv
7
vulnerability VCID-qnk5-9jfz-5bhh
8
vulnerability VCID-rxu6-ccns-m3fk
9
vulnerability VCID-u1bz-wj83-nbbt
10
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1
aliases CVE-2024-25118, GHSA-38r2-5695-334w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sq7n-ehxa-rbb9
23
url VCID-tyba-yxs8-7kgb
vulnerability_id VCID-tyba-yxs8-7kgb
summary TYPO3 is an open source PHP based web content management system. Versions prior to 8.7.49, 9.5.38, 10.4.33, 11.5.20, and 12.1.1 are vulnerable to Code Injection. Due to the lack of separating user-submitted data from the internal configuration in the Form Designer backend module, it is possible to inject code instructions to be processed and executed via TypoScript as PHP code. The existence of individual TypoScript instructions for a particular form item and a valid backend user account with access to the form module are needed to exploit this vulnerability. This issue is patched in versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23503
reference_id
reference_type
scores
0
value 0.00483
scoring_system epss
scoring_elements 0.6578
published_at 2026-06-13T12:55:00Z
1
value 0.00483
scoring_system epss
scoring_elements 0.65668
published_at 2026-06-11T12:55:00Z
2
value 0.00483
scoring_system epss
scoring_elements 0.65765
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23503
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23503.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23503.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23503.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23503.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/1302e88565821f2159e08b5d818d28de17ecc830
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/1302e88565821f2159e08b5d818d28de17ecc830
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23503
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23503
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-015
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-015
7
reference_url https://github.com/advisories/GHSA-c5wx-6c2c-f7rm
reference_id GHSA-c5wx-6c2c-f7rm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-c5wx-6c2c-f7rm
8
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm
reference_id GHSA-c5wx-6c2c-f7rm
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-18T18:23:57Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5wx-6c2c-f7rm
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.33
purl pkg:composer/typo3/cms-core@10.4.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-p2gb-esw8-3ya7
8
vulnerability VCID-qnk5-9jfz-5bhh
9
vulnerability VCID-rxu6-ccns-m3fk
10
vulnerability VCID-sq7n-ehxa-rbb9
11
vulnerability VCID-u1bz-wj83-nbbt
12
vulnerability VCID-vc1g-tqkt-w7gt
13
vulnerability VCID-ve54-aaqx-xkck
14
vulnerability VCID-wutq-k9ph-zyab
15
vulnerability VCID-x2ne-qxnz-rkem
16
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.33
1
url pkg:composer/typo3/cms-core@11.5.20
purl pkg:composer/typo3/cms-core@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-p2gb-esw8-3ya7
8
vulnerability VCID-qnk5-9jfz-5bhh
9
vulnerability VCID-rxu6-ccns-m3fk
10
vulnerability VCID-sq7n-ehxa-rbb9
11
vulnerability VCID-u1bz-wj83-nbbt
12
vulnerability VCID-vc1g-tqkt-w7gt
13
vulnerability VCID-ve54-aaqx-xkck
14
vulnerability VCID-wutq-k9ph-zyab
15
vulnerability VCID-x2ne-qxnz-rkem
16
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.20
2
url pkg:composer/typo3/cms-core@12.1.1
purl pkg:composer/typo3/cms-core@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-g6wm-gjsy-7fdt
7
vulnerability VCID-jtqp-g65r-93hs
8
vulnerability VCID-p2gb-esw8-3ya7
9
vulnerability VCID-qnk5-9jfz-5bhh
10
vulnerability VCID-rxu6-ccns-m3fk
11
vulnerability VCID-sq7n-ehxa-rbb9
12
vulnerability VCID-u1bz-wj83-nbbt
13
vulnerability VCID-vc1g-tqkt-w7gt
14
vulnerability VCID-ve54-aaqx-xkck
15
vulnerability VCID-wutq-k9ph-zyab
16
vulnerability VCID-x2ne-qxnz-rkem
17
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.1.1
aliases CVE-2022-23503, GHSA-c5wx-6c2c-f7rm, GMS-2022-8132
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tyba-yxs8-7kgb
24
url VCID-u1bz-wj83-nbbt
vulnerability_id VCID-u1bz-wj83-nbbt
summary TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be considered potentially harmful, such as executable binaries (e.g., `.exe` files), or files with inconsistent file extensions and MIME types (for example, a file incorrectly named with a `.png` extension but actually carrying the MIME type `application/zip`) starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS. Although such files are not directly executable through the web server, their presence can introduce indirect risks. For example, third-party services such as antivirus scanners or malware detection systems might flag or block access to the website for end users if suspicious files are found. This could negatively affect the availability or reputation of the site. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-47939
reference_id
reference_type
scores
0
value 0.00129
scoring_system epss
scoring_elements 0.31863
published_at 2026-06-11T12:55:00Z
1
value 0.00129
scoring_system epss
scoring_elements 0.32065
published_at 2026-06-13T12:55:00Z
2
value 0.00129
scoring_system epss
scoring_elements 0.32049
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-47939
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://github.com/TYPO3-CMS/core/commit/c265beed6e2c01817c534a226e80e593400f8255
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core/commit/c265beed6e2c01817c534a226e80e593400f8255
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-47939
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-47939
4
reference_url https://github.com/advisories/GHSA-9hq9-cr36-4wpj
reference_id GHSA-9hq9-cr36-4wpj
reference_type
scores
url https://github.com/advisories/GHSA-9hq9-cr36-4wpj
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-9hq9-cr36-4wpj
reference_id GHSA-9hq9-cr36-4wpj
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T14:08:07Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-9hq9-cr36-4wpj
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2025-014
reference_id typo3-core-sa-2025-014
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T14:08:07Z/
url https://typo3.org/security/advisory/typo3-core-sa-2025-014
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.50
purl pkg:composer/typo3/cms-core@10.4.50
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.50
1
url pkg:composer/typo3/cms-core@11.5.44
purl pkg:composer/typo3/cms-core@11.5.44
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.44
2
url pkg:composer/typo3/cms-core@12.4.31
purl pkg:composer/typo3/cms-core@12.4.31
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ant9-spg8-1ug5
1
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.31
3
url pkg:composer/typo3/cms-core@13.4.12
purl pkg:composer/typo3/cms-core@13.4.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ant9-spg8-1ug5
1
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.12
aliases CVE-2025-47939, GHSA-9hq9-cr36-4wpj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1bz-wj83-nbbt
25
url VCID-uspd-tbez-gbht
vulnerability_id VCID-uspd-tbez-gbht
summary TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31050
reference_id
reference_type
scores
0
value 0.00439
scoring_system epss
scoring_elements 0.63584
published_at 2026-06-11T12:55:00Z
1
value 0.00439
scoring_system epss
scoring_elements 0.63701
published_at 2026-06-13T12:55:00Z
2
value 0.00439
scoring_system epss
scoring_elements 0.63686
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31050
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d
reference_id 592387972912290c135ebecc91768a67f83a3a4d
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:13Z/
url https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31050
reference_id CVE-2022-31050
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31050
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31050.yaml
reference_id CVE-2022-31050.YAML
reference_type
scores
0
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31050.yaml
5
reference_url https://github.com/advisories/GHSA-wwjw-r3gj-39fq
reference_id GHSA-wwjw-r3gj-39fq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wwjw-r3gj-39fq
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq
reference_id GHSA-wwjw-r3gj-39fq
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:13Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-005
reference_id typo3-core-sa-2022-005
reference_type
scores
0
value 6
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
1
value 6.0
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:13Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-005
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.29
purl pkg:composer/typo3/cms-core@10.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-66qa-16we-wkdw
3
vulnerability VCID-6g94-zrcc-mqf2
4
vulnerability VCID-9f74-pxxq-3qea
5
vulnerability VCID-9fu7-2brx-j3az
6
vulnerability VCID-9kzb-yw93-rqd3
7
vulnerability VCID-9mh5-8n3y-93c8
8
vulnerability VCID-arjb-mbgt-97dh
9
vulnerability VCID-c34f-fptt-tfgt
10
vulnerability VCID-cmzk-5bm5-hbep
11
vulnerability VCID-d7rj-6q7r-dug5
12
vulnerability VCID-fajx-7vk2-yfd4
13
vulnerability VCID-g6wm-gjsy-7fdt
14
vulnerability VCID-humm-nga7-hbe4
15
vulnerability VCID-jtqp-g65r-93hs
16
vulnerability VCID-p2gb-esw8-3ya7
17
vulnerability VCID-qnk5-9jfz-5bhh
18
vulnerability VCID-rxu6-ccns-m3fk
19
vulnerability VCID-sq7n-ehxa-rbb9
20
vulnerability VCID-tyba-yxs8-7kgb
21
vulnerability VCID-u1bz-wj83-nbbt
22
vulnerability VCID-v1kq-a6wk-bka9
23
vulnerability VCID-vc1g-tqkt-w7gt
24
vulnerability VCID-ve54-aaqx-xkck
25
vulnerability VCID-wutq-k9ph-zyab
26
vulnerability VCID-x2ne-qxnz-rkem
27
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29
1
url pkg:composer/typo3/cms-core@11.5.11
purl pkg:composer/typo3/cms-core@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-66qa-16we-wkdw
3
vulnerability VCID-6g94-zrcc-mqf2
4
vulnerability VCID-9f74-pxxq-3qea
5
vulnerability VCID-9fu7-2brx-j3az
6
vulnerability VCID-9kzb-yw93-rqd3
7
vulnerability VCID-9mh5-8n3y-93c8
8
vulnerability VCID-arjb-mbgt-97dh
9
vulnerability VCID-c34f-fptt-tfgt
10
vulnerability VCID-cmzk-5bm5-hbep
11
vulnerability VCID-d7rj-6q7r-dug5
12
vulnerability VCID-fajx-7vk2-yfd4
13
vulnerability VCID-g6wm-gjsy-7fdt
14
vulnerability VCID-humm-nga7-hbe4
15
vulnerability VCID-jtqp-g65r-93hs
16
vulnerability VCID-p2gb-esw8-3ya7
17
vulnerability VCID-qnk5-9jfz-5bhh
18
vulnerability VCID-ra2c-x1g8-tyhy
19
vulnerability VCID-rxu6-ccns-m3fk
20
vulnerability VCID-sq7n-ehxa-rbb9
21
vulnerability VCID-tyba-yxs8-7kgb
22
vulnerability VCID-u1bz-wj83-nbbt
23
vulnerability VCID-v1kq-a6wk-bka9
24
vulnerability VCID-vc1g-tqkt-w7gt
25
vulnerability VCID-ve54-aaqx-xkck
26
vulnerability VCID-wutq-k9ph-zyab
27
vulnerability VCID-x2ne-qxnz-rkem
28
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11
aliases CVE-2022-31050, GHSA-wwjw-r3gj-39fq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uspd-tbez-gbht
26
url VCID-v1kq-a6wk-bka9
vulnerability_id VCID-v1kq-a6wk-bka9
summary TYPO3 is an open source PHP based web content management system. In versions prior to 10.4.33, 11.5.20, and 12.1.1, When users reset their password using the corresponding password recovery functionality, existing sessions for that particular user account were not revoked. This applied to both frontend user sessions and backend user sessions. This issue is patched in versions 10.4.33, 11.5.20, 12.1.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23502
reference_id
reference_type
scores
0
value 0.00245
scoring_system epss
scoring_elements 0.48179
published_at 2026-06-13T12:55:00Z
1
value 0.00245
scoring_system epss
scoring_elements 0.48024
published_at 2026-06-11T12:55:00Z
2
value 0.00245
scoring_system epss
scoring_elements 0.48162
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23502
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23502.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23502.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23502.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23502.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/d9ffbf24fcc62068033ebb3912538347bd380a6c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d9ffbf24fcc62068033ebb3912538347bd380a6c
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23502
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23502
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-014
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-014
7
reference_url https://github.com/advisories/GHSA-mgj2-q8wp-29rr
reference_id GHSA-mgj2-q8wp-29rr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mgj2-q8wp-29rr
8
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr
reference_id GHSA-mgj2-q8wp-29rr
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T18:47:27Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-mgj2-q8wp-29rr
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.33
purl pkg:composer/typo3/cms-core@10.4.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-p2gb-esw8-3ya7
8
vulnerability VCID-qnk5-9jfz-5bhh
9
vulnerability VCID-rxu6-ccns-m3fk
10
vulnerability VCID-sq7n-ehxa-rbb9
11
vulnerability VCID-u1bz-wj83-nbbt
12
vulnerability VCID-vc1g-tqkt-w7gt
13
vulnerability VCID-ve54-aaqx-xkck
14
vulnerability VCID-wutq-k9ph-zyab
15
vulnerability VCID-x2ne-qxnz-rkem
16
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.33
1
url pkg:composer/typo3/cms-core@11.5.20
purl pkg:composer/typo3/cms-core@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-jtqp-g65r-93hs
7
vulnerability VCID-p2gb-esw8-3ya7
8
vulnerability VCID-qnk5-9jfz-5bhh
9
vulnerability VCID-rxu6-ccns-m3fk
10
vulnerability VCID-sq7n-ehxa-rbb9
11
vulnerability VCID-u1bz-wj83-nbbt
12
vulnerability VCID-vc1g-tqkt-w7gt
13
vulnerability VCID-ve54-aaqx-xkck
14
vulnerability VCID-wutq-k9ph-zyab
15
vulnerability VCID-x2ne-qxnz-rkem
16
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.20
2
url pkg:composer/typo3/cms-core@12.1.1
purl pkg:composer/typo3/cms-core@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-g6wm-gjsy-7fdt
7
vulnerability VCID-jtqp-g65r-93hs
8
vulnerability VCID-p2gb-esw8-3ya7
9
vulnerability VCID-qnk5-9jfz-5bhh
10
vulnerability VCID-rxu6-ccns-m3fk
11
vulnerability VCID-sq7n-ehxa-rbb9
12
vulnerability VCID-u1bz-wj83-nbbt
13
vulnerability VCID-vc1g-tqkt-w7gt
14
vulnerability VCID-ve54-aaqx-xkck
15
vulnerability VCID-wutq-k9ph-zyab
16
vulnerability VCID-x2ne-qxnz-rkem
17
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.1.1
aliases CVE-2022-23502, GHSA-mgj2-q8wp-29rr, GMS-2022-8135
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v1kq-a6wk-bka9
27
url VCID-vc1g-tqkt-w7gt
vulnerability_id VCID-vc1g-tqkt-w7gt
summary TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25121
reference_id
reference_type
scores
0
value 0.003
scoring_system epss
scoring_elements 0.53693
published_at 2026-06-11T12:55:00Z
1
value 0.003
scoring_system epss
scoring_elements 0.53836
published_at 2026-06-13T12:55:00Z
2
value 0.003
scoring_system epss
scoring_elements 0.53819
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25121
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/38f0bf9a61e10365be26eb75bc23a81184dbed07
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/38f0bf9a61e10365be26eb75bc23a81184dbed07
3
reference_url https://github.com/TYPO3/typo3/commit/71e652bf84b16fd3592205f61f36750ab03db74c
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/71e652bf84b16fd3592205f61f36750ab03db74c
4
reference_url https://github.com/TYPO3/typo3/commit/b47b6ddf5a5f3f852c6e43f837360780c12e3c47
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/b47b6ddf5a5f3f852c6e43f837360780c12e3c47
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25121
reference_id CVE-2024-25121
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25121
6
reference_url https://github.com/advisories/GHSA-rj3x-wvc6-5j66
reference_id GHSA-rj3x-wvc6-5j66
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rj3x-wvc6-5j66
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66
reference_id GHSA-rj3x-wvc6-5j66
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:07:53Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-006
reference_id typo3-core-sa-2024-006
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T19:07:53Z/
url https://typo3.org/security/advisory/typo3-core-sa-2024-006
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.43
purl pkg:composer/typo3/cms-core@10.4.43
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43
1
url pkg:composer/typo3/cms-core@11.5.35
purl pkg:composer/typo3/cms-core@11.5.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-qnk5-9jfz-5bhh
6
vulnerability VCID-rxu6-ccns-m3fk
7
vulnerability VCID-u1bz-wj83-nbbt
8
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35
2
url pkg:composer/typo3/cms-core@12.4.11
purl pkg:composer/typo3/cms-core@12.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-qnk5-9jfz-5bhh
7
vulnerability VCID-rxu6-ccns-m3fk
8
vulnerability VCID-u1bz-wj83-nbbt
9
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11
3
url pkg:composer/typo3/cms-core@13.0.1
purl pkg:composer/typo3/cms-core@13.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-fn5d-fhbq-yyhv
7
vulnerability VCID-qnk5-9jfz-5bhh
8
vulnerability VCID-rxu6-ccns-m3fk
9
vulnerability VCID-u1bz-wj83-nbbt
10
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1
aliases CVE-2024-25121, GHSA-rj3x-wvc6-5j66
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vc1g-tqkt-w7gt
28
url VCID-vcbt-ta48-vybq
vulnerability_id VCID-vcbt-ta48-vybq
summary TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
reference_id
reference_type
scores
0
value 0.00391
scoring_system epss
scoring_elements 0.60685
published_at 2026-06-13T12:55:00Z
1
value 0.00391
scoring_system epss
scoring_elements 0.60569
published_at 2026-06-11T12:55:00Z
2
value 0.00391
scoring_system epss
scoring_elements 0.60674
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
1
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
2
reference_url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
reference_id c93ea692e7dfef03b7c50fe5437487545bee4d6a
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
reference_id CVE-2022-31047
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
4
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
reference_id CVE-2022-31047.YAML
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
5
reference_url https://github.com/advisories/GHSA-fh99-4pgr-8j99
reference_id GHSA-fh99-4pgr-8j99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh99-4pgr-8j99
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
reference_id GHSA-fh99-4pgr-8j99
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-002
reference_id typo3-core-sa-2022-002
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-002
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.29
purl pkg:composer/typo3/cms-core@10.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-66qa-16we-wkdw
3
vulnerability VCID-6g94-zrcc-mqf2
4
vulnerability VCID-9f74-pxxq-3qea
5
vulnerability VCID-9fu7-2brx-j3az
6
vulnerability VCID-9kzb-yw93-rqd3
7
vulnerability VCID-9mh5-8n3y-93c8
8
vulnerability VCID-arjb-mbgt-97dh
9
vulnerability VCID-c34f-fptt-tfgt
10
vulnerability VCID-cmzk-5bm5-hbep
11
vulnerability VCID-d7rj-6q7r-dug5
12
vulnerability VCID-fajx-7vk2-yfd4
13
vulnerability VCID-g6wm-gjsy-7fdt
14
vulnerability VCID-humm-nga7-hbe4
15
vulnerability VCID-jtqp-g65r-93hs
16
vulnerability VCID-p2gb-esw8-3ya7
17
vulnerability VCID-qnk5-9jfz-5bhh
18
vulnerability VCID-rxu6-ccns-m3fk
19
vulnerability VCID-sq7n-ehxa-rbb9
20
vulnerability VCID-tyba-yxs8-7kgb
21
vulnerability VCID-u1bz-wj83-nbbt
22
vulnerability VCID-v1kq-a6wk-bka9
23
vulnerability VCID-vc1g-tqkt-w7gt
24
vulnerability VCID-ve54-aaqx-xkck
25
vulnerability VCID-wutq-k9ph-zyab
26
vulnerability VCID-x2ne-qxnz-rkem
27
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.29
1
url pkg:composer/typo3/cms-core@11.5.11
purl pkg:composer/typo3/cms-core@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-5ddb-qvu6-c7dd
2
vulnerability VCID-66qa-16we-wkdw
3
vulnerability VCID-6g94-zrcc-mqf2
4
vulnerability VCID-9f74-pxxq-3qea
5
vulnerability VCID-9fu7-2brx-j3az
6
vulnerability VCID-9kzb-yw93-rqd3
7
vulnerability VCID-9mh5-8n3y-93c8
8
vulnerability VCID-arjb-mbgt-97dh
9
vulnerability VCID-c34f-fptt-tfgt
10
vulnerability VCID-cmzk-5bm5-hbep
11
vulnerability VCID-d7rj-6q7r-dug5
12
vulnerability VCID-fajx-7vk2-yfd4
13
vulnerability VCID-g6wm-gjsy-7fdt
14
vulnerability VCID-humm-nga7-hbe4
15
vulnerability VCID-jtqp-g65r-93hs
16
vulnerability VCID-p2gb-esw8-3ya7
17
vulnerability VCID-qnk5-9jfz-5bhh
18
vulnerability VCID-ra2c-x1g8-tyhy
19
vulnerability VCID-rxu6-ccns-m3fk
20
vulnerability VCID-sq7n-ehxa-rbb9
21
vulnerability VCID-tyba-yxs8-7kgb
22
vulnerability VCID-u1bz-wj83-nbbt
23
vulnerability VCID-v1kq-a6wk-bka9
24
vulnerability VCID-vc1g-tqkt-w7gt
25
vulnerability VCID-ve54-aaqx-xkck
26
vulnerability VCID-wutq-k9ph-zyab
27
vulnerability VCID-x2ne-qxnz-rkem
28
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.11
aliases CVE-2022-31047, GHSA-fh99-4pgr-8j99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vcbt-ta48-vybq
29
url VCID-ve54-aaqx-xkck
vulnerability_id VCID-ve54-aaqx-xkck
summary TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22188
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.72301
published_at 2026-06-13T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.72288
published_at 2026-06-12T12:55:00Z
2
value 0.00687
scoring_system epss
scoring_elements 0.72205
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22188
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/47e897f8c7668ef299ecc9ce93f52cafbb3497ed
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/47e897f8c7668ef299ecc9ce93f52cafbb3497ed
3
reference_url https://github.com/TYPO3/typo3/commit/6cc11761b8e2434fa4ccc9f096c65ca82569cfdf
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/6cc11761b8e2434fa4ccc9f096c65ca82569cfdf
4
reference_url https://github.com/TYPO3/typo3/commit/84e07e35b880a544b517868432c56987d05d46d4
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/84e07e35b880a544b517868432c56987d05d46d4
5
reference_url https://typo3.org/security/advisory/typo3-psa-2020-002
reference_id
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-psa-2020-002
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22188
reference_id CVE-2024-22188
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22188
7
reference_url https://github.com/advisories/GHSA-5w2h-59j3-8x5w
reference_id GHSA-5w2h-59j3-8x5w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5w2h-59j3-8x5w
8
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w
reference_id GHSA-5w2h-59j3-8x5w
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-05T16:17:44Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w
9
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-002
reference_id typo3-core-sa-2024-002
reference_type
scores
0
value 7.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
1
value 8.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-05T16:17:44Z/
url https://typo3.org/security/advisory/typo3-core-sa-2024-002
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.43
purl pkg:composer/typo3/cms-core@10.4.43
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43
1
url pkg:composer/typo3/cms-core@11.5.35
purl pkg:composer/typo3/cms-core@11.5.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-qnk5-9jfz-5bhh
6
vulnerability VCID-rxu6-ccns-m3fk
7
vulnerability VCID-u1bz-wj83-nbbt
8
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35
2
url pkg:composer/typo3/cms-core@12.4.11
purl pkg:composer/typo3/cms-core@12.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-qnk5-9jfz-5bhh
7
vulnerability VCID-rxu6-ccns-m3fk
8
vulnerability VCID-u1bz-wj83-nbbt
9
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11
3
url pkg:composer/typo3/cms-core@13.0.1
purl pkg:composer/typo3/cms-core@13.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-fn5d-fhbq-yyhv
7
vulnerability VCID-qnk5-9jfz-5bhh
8
vulnerability VCID-rxu6-ccns-m3fk
9
vulnerability VCID-u1bz-wj83-nbbt
10
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1
aliases CVE-2024-22188, GHSA-5w2h-59j3-8x5w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ve54-aaqx-xkck
30
url VCID-wutq-k9ph-zyab
vulnerability_id VCID-wutq-k9ph-zyab
summary TYPO3 is an open source PHP based web content management system released under the GNU GPL. In typo3 installations there are always at least two different sites. Eg. first.example.org and second.example.com. In affected versions a session cookie generated for the first site can be reused on the second site without requiring additional authentication. This vulnerability has been addressed in versions 8.7.55, 9.5.44, 10.4.41, 11.5.33, and 12.4.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-47127
reference_id
reference_type
scores
0
value 0.00181
scoring_system epss
scoring_elements 0.39844
published_at 2026-06-12T12:55:00Z
1
value 0.00181
scoring_system epss
scoring_elements 0.39868
published_at 2026-06-13T12:55:00Z
2
value 0.00181
scoring_system epss
scoring_elements 0.39674
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-47127
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2023-47127.yaml
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2023-47127.yaml
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-47127
reference_id
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-47127
4
reference_url https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019
reference_id 535dfbdc54fd5362e0bc08d911db44eac7f64019
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:41:35Z/
url https://github.com/TYPO3/typo3/commit/535dfbdc54fd5362e0bc08d911db44eac7f64019
5
reference_url https://github.com/advisories/GHSA-3vmm-7h4j-69rm
reference_id GHSA-3vmm-7h4j-69rm
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3vmm-7h4j-69rm
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm
reference_id GHSA-3vmm-7h4j-69rm
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:41:35Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-3vmm-7h4j-69rm
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2023-006
reference_id typo3-core-sa-2023-006
reference_type
scores
0
value 4.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T20:41:35Z/
url https://typo3.org/security/advisory/typo3-core-sa-2023-006
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.41
purl pkg:composer/typo3/cms-core@10.4.41
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.41
1
url pkg:composer/typo3/cms-core@11.5.33
purl pkg:composer/typo3/cms-core@11.5.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-g6wm-gjsy-7fdt
6
vulnerability VCID-qnk5-9jfz-5bhh
7
vulnerability VCID-rxu6-ccns-m3fk
8
vulnerability VCID-sq7n-ehxa-rbb9
9
vulnerability VCID-u1bz-wj83-nbbt
10
vulnerability VCID-vc1g-tqkt-w7gt
11
vulnerability VCID-ve54-aaqx-xkck
12
vulnerability VCID-x2ne-qxnz-rkem
13
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.33
2
url pkg:composer/typo3/cms-core@12.4.8
purl pkg:composer/typo3/cms-core@12.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-g6wm-gjsy-7fdt
7
vulnerability VCID-qnk5-9jfz-5bhh
8
vulnerability VCID-rxu6-ccns-m3fk
9
vulnerability VCID-sq7n-ehxa-rbb9
10
vulnerability VCID-u1bz-wj83-nbbt
11
vulnerability VCID-vc1g-tqkt-w7gt
12
vulnerability VCID-ve54-aaqx-xkck
13
vulnerability VCID-x2ne-qxnz-rkem
14
vulnerability VCID-xbzy-s3xw-y7ey
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.8
aliases CVE-2023-47127, GHSA-3vmm-7h4j-69rm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wutq-k9ph-zyab
31
url VCID-x2ne-qxnz-rkem
vulnerability_id VCID-x2ne-qxnz-rkem
summary TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0859
reference_id
reference_type
scores
0
value 0.00031
scoring_system epss
scoring_elements 0.09365
published_at 2026-06-11T12:55:00Z
1
value 0.00045
scoring_system epss
scoring_elements 0.14367
published_at 2026-06-13T12:55:00Z
2
value 0.00045
scoring_system epss
scoring_elements 0.14366
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0859
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/3225d705080a1bde57a66689621c947da5a4782f
reference_id 3225d705080a1bde57a66689621c947da5a4782f
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:11:54Z/
url https://github.com/TYPO3/typo3/commit/3225d705080a1bde57a66689621c947da5a4782f
3
reference_url https://github.com/TYPO3/typo3/commit/722bf71c118b0a8e4f2c2494854437d846799a13
reference_id 722bf71c118b0a8e4f2c2494854437d846799a13
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:11:54Z/
url https://github.com/TYPO3/typo3/commit/722bf71c118b0a8e4f2c2494854437d846799a13
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-0859
reference_id CVE-2026-0859
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-0859
5
reference_url https://github.com/TYPO3/typo3/commit/e0f0ceee480c203fbb60b87454f5f193e541d27f
reference_id e0f0ceee480c203fbb60b87454f5f193e541d27f
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:11:54Z/
url https://github.com/TYPO3/typo3/commit/e0f0ceee480c203fbb60b87454f5f193e541d27f
6
reference_url https://github.com/advisories/GHSA-7vp9-x248-9vr9
reference_id GHSA-7vp9-x248-9vr9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7vp9-x248-9vr9
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-7vp9-x248-9vr9
reference_id GHSA-7vp9-x248-9vr9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-7vp9-x248-9vr9
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2026-004
reference_id typo3-core-sa-2026-004
reference_type
scores
0
value 5.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:11:54Z/
url https://typo3.org/security/advisory/typo3-core-sa-2026-004
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.55
purl pkg:composer/typo3/cms-core@10.4.55
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.55
1
url pkg:composer/typo3/cms-core@11.5.49
purl pkg:composer/typo3/cms-core@11.5.49
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.49
2
url pkg:composer/typo3/cms-core@12.4.41
purl pkg:composer/typo3/cms-core@12.4.41
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.41
3
url pkg:composer/typo3/cms-core@13.4.23
purl pkg:composer/typo3/cms-core@13.4.23
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.23
4
url pkg:composer/typo3/cms-core@14.0.2
purl pkg:composer/typo3/cms-core@14.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@14.0.2
aliases CVE-2026-0859, GHSA-7vp9-x248-9vr9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2ne-qxnz-rkem
32
url VCID-xbzy-s3xw-y7ey
vulnerability_id VCID-xbzy-s3xw-y7ey
summary TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-25119
reference_id
reference_type
scores
0
value 0.00291
scoring_system epss
scoring_elements 0.52898
published_at 2026-06-11T12:55:00Z
1
value 0.00291
scoring_system epss
scoring_elements 0.53042
published_at 2026-06-13T12:55:00Z
2
value 0.00291
scoring_system epss
scoring_elements 0.53027
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-25119
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/14d101359c71ee963cf51ad0c8ae777b7b9ec9a1
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/14d101359c71ee963cf51ad0c8ae777b7b9ec9a1
3
reference_url https://github.com/TYPO3/typo3/commit/df486372ea56fac241d3c96ad43a7729fee64557
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/df486372ea56fac241d3c96ad43a7729fee64557
4
reference_url https://github.com/TYPO3/typo3/commit/fa12667c046342ebfd9b159c646aeafdbc52fcfd
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/fa12667c046342ebfd9b159c646aeafdbc52fcfd
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-25119
reference_id CVE-2024-25119
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-25119
6
reference_url https://github.com/advisories/GHSA-h47m-3f78-qp9g
reference_id GHSA-h47m-3f78-qp9g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-h47m-3f78-qp9g
7
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g
reference_id GHSA-h47m-3f78-qp9g
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-14T15:01:19Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2024-004
reference_id typo3-core-sa-2024-004
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-14T15:01:19Z/
url https://typo3.org/security/advisory/typo3-core-sa-2024-004
fixed_packages
0
url pkg:composer/typo3/cms-core@10.4.43
purl pkg:composer/typo3/cms-core@10.4.43
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.43
1
url pkg:composer/typo3/cms-core@11.5.35
purl pkg:composer/typo3/cms-core@11.5.35
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-arjb-mbgt-97dh
5
vulnerability VCID-qnk5-9jfz-5bhh
6
vulnerability VCID-rxu6-ccns-m3fk
7
vulnerability VCID-u1bz-wj83-nbbt
8
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.5.35
2
url pkg:composer/typo3/cms-core@12.4.11
purl pkg:composer/typo3/cms-core@12.4.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-qnk5-9jfz-5bhh
7
vulnerability VCID-rxu6-ccns-m3fk
8
vulnerability VCID-u1bz-wj83-nbbt
9
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.11
3
url pkg:composer/typo3/cms-core@13.0.1
purl pkg:composer/typo3/cms-core@13.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4hp8-5qeb-wyam
1
vulnerability VCID-9f74-pxxq-3qea
2
vulnerability VCID-9fu7-2brx-j3az
3
vulnerability VCID-9mh5-8n3y-93c8
4
vulnerability VCID-ant9-spg8-1ug5
5
vulnerability VCID-arjb-mbgt-97dh
6
vulnerability VCID-fn5d-fhbq-yyhv
7
vulnerability VCID-qnk5-9jfz-5bhh
8
vulnerability VCID-rxu6-ccns-m3fk
9
vulnerability VCID-u1bz-wj83-nbbt
10
vulnerability VCID-x2ne-qxnz-rkem
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.0.1
aliases CVE-2024-25119, GHSA-h47m-3f78-qp9g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xbzy-s3xw-y7ey
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@10.4.22