{"url":"http://public2.vulnerablecode.io/api/packages/58463?format=json","purl":"pkg:composer/typo3/cms-core@11.3.0","type":"composer","namespace":"typo3","name":"cms-core","version":"11.3.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"11.3.2","latest_non_vulnerable_version":"14.0.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41234?format=json","vulnerability_id":"VCID-a1g9-pyz5-9fca","summary":"Cross-site Scripting\nTYPO3 contains a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (`_Web>View_`) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 contain a patch for this issue.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2021-009","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2021-009"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32667","reference_id":"CVE-2021-32667","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32667"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58465?format=json","purl":"pkg:composer/typo3/cms-core@11.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.1"}],"aliases":["CVE-2021-32667","GHSA-8mq9-fqv8-59wf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1g9-pyz5-9fca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41236?format=json","vulnerability_id":"VCID-j8hk-bqnb-gycp","summary":"Cross-site Scripting\nTYPO3 contains a cross-site scripting vulnerability. When error messages are not properly encoded, the components `_QueryGenerator_` and `_QueryView_` are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 contain a patch for this issue.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2021-010","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2021-010"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32668","reference_id":"CVE-2021-32668","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32668"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58465?format=json","purl":"pkg:composer/typo3/cms-core@11.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.1"}],"aliases":["CVE-2021-32668","GHSA-6mh3-j5r5-2379"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j8hk-bqnb-gycp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41235?format=json","vulnerability_id":"VCID-sdjb-gp4t-vbgt","summary":"Cross-site Scripting\nTYPO3 is an open source PHP based web content management system. have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 contain a patch for this vulnerability.","references":[{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2021-011","reference_id":"","reference_type":"","scores":[],"url":"https://typo3.org/security/advisory/typo3-core-sa-2021-011"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32669","reference_id":"CVE-2021-32669","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32669"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58465?format=json","purl":"pkg:composer/typo3/cms-core@11.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.1"}],"aliases":["CVE-2021-32669","GHSA-rgcg-28xm-8mmw"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdjb-gp4t-vbgt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41233?format=json","vulnerability_id":"VCID-uq77-aax5-k7d8","summary":"Inclusion of Sensitive Information in Log Files\nTYPO3 is an open source PHP based web content management system. User credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 contain a patch for this vulnerability.","references":[{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32767","reference_id":"CVE-2021-32767","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-32767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58465?format=json","purl":"pkg:composer/typo3/cms-core@11.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.1"}],"aliases":["CVE-2021-32767","GHSA-34fr-fhqr-7235"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uq77-aax5-k7d8"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@11.3.0"}