{"url":"http://public2.vulnerablecode.io/api/packages/61819?format=json","purl":"pkg:composer/typo3/cms@4.1.10","type":"composer","namespace":"typo3","name":"cms","version":"4.1.10","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.1.13","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43186?format=json","vulnerability_id":"VCID-4hgv-3p24-87hd","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.","references":[{"reference_url":"https://web.archive.org/web/20210507104956/http://www.securitytracker.com/id?1021709","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210507104956/http://www.securitytracker.com/id?1021709"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/"},{"reference_url":"http://www.debian.org/security/2009/dsa-1720","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2009/dsa-1720"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/02/10/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2009/02/10/6"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0816","reference_id":"CVE-2009-0816","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0816"},{"reference_url":"https://github.com/advisories/GHSA-jg55-3q6h-2ccf","reference_id":"GHSA-jg55-3q6h-2ccf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-jg55-3q6h-2ccf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61818?format=json","purl":"pkg:composer/typo3/cms@4.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/61819?format=json","purl":"pkg:composer/typo3/cms@4.1.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/61820?format=json","purl":"pkg:composer/typo3/cms@4.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.6"}],"aliases":["CVE-2009-0816","GHSA-jg55-3q6h-2ccf"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4hgv-3p24-87hd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43212?format=json","vulnerability_id":"VCID-pdhc-93r6-yfds","summary":"TYPO3 leaks a hash secret in an error message\nThe jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 leaks a hash secret (juHash) in an error message, which allows remote attackers to read arbitrary files by including the hash in a request.","references":[{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://web.archive.org/web/20091206080208/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20091206080208/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002"},{"reference_url":"https://web.archive.org/web/20200915000000*/http://www.securitytracker.com/id?1021710","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200915000000*/http://www.securitytracker.com/id?1021710"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0815","reference_id":"CVE-2009-0815","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0815"},{"reference_url":"https://github.com/advisories/GHSA-c22j-84c7-cm77","reference_id":"GHSA-c22j-84c7-cm77","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c22j-84c7-cm77"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/61818?format=json","purl":"pkg:composer/typo3/cms@4.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/61819?format=json","purl":"pkg:composer/typo3/cms@4.1.10","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/61820?format=json","purl":"pkg:composer/typo3/cms@4.2.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.2.6"}],"aliases":["CVE-2009-0815","GHSA-c22j-84c7-cm77"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdhc-93r6-yfds"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.1.10"}