{"url":"http://public2.vulnerablecode.io/api/packages/62891?format=json","purl":"pkg:composer/typo3/cms@4.7.0","type":"composer","namespace":"typo3","name":"cms","version":"4.7.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"10.4.35","latest_non_vulnerable_version":"12.2.0","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111340?format=json","vulnerability_id":"VCID-1m3k-7uhk-7kbr","summary":"Typo3 Backend Configuration XSS Vulnerability\nThe configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3529","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59395","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59446","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3529"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77793","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77793"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3529","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3529"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004"},{"reference_url":
"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"},{"reference_url":"http://www.debian.org/security/2012/dsa-2537","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2537"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/08/22/8","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/08/22/8"},{"reference_url":"https://github.com/advisories/GHSA-7gg8-3r6j-5g55","reference_id":"GHSA-7gg8-3r6j-5g55","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7gg8-3r6j-5g55"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63430?format=json","purl":"pkg:composer/typo3/cms@4.7.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4"}],"aliases":["CVE-2012-3529","GHSA-7gg8-3r6j-5g55"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1m3k-7uhk-7kbr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111441?format=json","vulnerability_id":"VCID-2f2m-tcjn-fyby","summary":"Typo3 Vulnerable to Cache Poisoning\n**Problem Description:** A request URL with arbitrary arguments, but still pointing to the home page of  a TYPO3 installation can be cached if the configuration option `config.prefixLocalAnchors` is used with the values \"all\" or \"cached\". 
The impact of this vulnerability is that unfamiliar looking links to the home page can end up in the cache, which leads to a reload of the page in the browser when section links are followed by web page visitors, instead of just directly jumping to the requested section of the page. TYPO3 versions 4.6.x and higher are only affected if the homepage is not a shortcut to a different page.\n\n**Solution:** Removing the configuration options `config.prefixLocalAnchors` (and optionally also config.baseUrl) in favor of `config.absRefPrefix`\n\n**Credits:** Thanks to Gernot Leitgab who discovered and reported the vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9509","reference_id":"","reference_type":"","scores":[{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70755","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00633","scoring_system":"epss","scoring_elements":"0.70797","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9509"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9509","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9509"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-003/"},{"reference_url":"https://github.com/advisories/GHSA-5479-gqqr-f9gj","reference_id":"GHSA-5479-gqqr-f9gj","reference_type":"","scores":[
],"url":"https://github.com/advisories/GHSA-5479-gqqr-f9gj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/152637?format=json","purl":"pkg:composer/typo3/cms@4.7.21","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.21"},{"url":"http://public2.vulnerablecode.io/api/packages/152638?format=json","purl":"pkg:composer/typo3/cms@6.0.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.15"},{"url":"http://public2.vulnerablecode.io/api/packages/152640?format=json","purl":"pkg:composer/typo3/cms@6.1.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52098?format=json","purl":"pkg:composer/typo3/cms@6.2.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1efr-h9gq-r7h1"},{"vulnerability":"VCID-1u4r-r97q-3yfk"},{"vulnerability":"VCID-1usv-hs5c-akb2"},{"vulnerability":"VCID-2r7u-mc45-8yhe"},{"vulnerability":"VCID-39jx-muqb-nkfq"},{"vulnerability":"VCID-4wnp-gusy-43b8"},{"vulnerability":"VCID-5dxs-cdht-27hw"},{"vulnerability":"VCID-5hm4-ms5p-uuae"},{"vulnerability":"VCID-5ppx-p8eq-mbgk"},{"vulnerability":"VCID-5ru2-1n1f-afa4"},{"vulnerability":"VCID-6su8-bbrw-hbhp"},{"vulnerability":"VCID-727q-h3ey-6yc9"},{"vulnerability":"VCID-7n9x-c9gs-9yb3"},{"vulnerability":"VCID-83y4-7q4j-h7f8"},{"vulnerability":"VCID-8jcy-3kje-fqeh"},{"vulnerability":"VCID-8p64-6zpt-t3av"},{"vulnerability":"VCID-8vum-snng-jfcv"},{"vulnerability":"VCID-95wn-6r9b-q7et"},{"vulnerability":"VCID-9899-uxyb-73gg"},{"vulnerability":"VCID-ansr-8m5j-pya6"},{"vulnerability":"VCID-bstt-ybrs-5ua3"},{"vulnerability":"VCID-c57c-akce-xufq"},{"vulnerability":"VCID-cgqm-1wwf-kbg6"},{"vulnerability":"VCID-dd9u-w2y2-87h9"},{"vulnerability":"VCID-
dw8z-wtph-skey"},{"vulnerability":"VCID-dwjk-7sqh-hqa8"},{"vulnerability":"VCID-dyhd-5p1e-fya6"},{"vulnerability":"VCID-e1gr-txgg-fqa6"},{"vulnerability":"VCID-e1ms-4r4s-g7e7"},{"vulnerability":"VCID-e2bk-pfbe-puek"},{"vulnerability":"VCID-e82x-2cdb-7fgn"},{"vulnerability":"VCID-ebku-sk43-m7bf"},{"vulnerability":"VCID-ec17-eauu-67d3"},{"vulnerability":"VCID-ekvp-u4kk-kqdd"},{"vulnerability":"VCID-eutz-mj58-audb"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-exjy-5cyn-zfg1"},{"vulnerability":"VCID-fgqa-5fx9-nkaz"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-g7mm-vjbw-bbhd"},{"vulnerability":"VCID-g9ns-sxkx-aqh1"},{"vulnerability":"VCID-gbdn-7ce2-zuf7"},{"vulnerability":"VCID-h217-xe8x-nua3"},{"vulnerability":"VCID-h7hf-sf2q-73ay"},{"vulnerability":"VCID-hm4k-wbq3-r7ej"},{"vulnerability":"VCID-huxd-2e6q-abak"},{"vulnerability":"VCID-hzma-cduk-3uhp"},{"vulnerability":"VCID-j6x1-dfre-2bdq"},{"vulnerability":"VCID-jbkw-4x2d-fqcp"},{"vulnerability":"VCID-jenc-czvj-g3gw"},{"vulnerability":"VCID-jeqr-9tfu-f7b2"},{"vulnerability":"VCID-jf28-91be-6kbr"},{"vulnerability":"VCID-jmea-qzsr-wkf4"},{"vulnerability":"VCID-jn38-wfec-7bb2"},{"vulnerability":"VCID-kj76-rsr8-yqb3"},{"vulnerability":"VCID-kp2p-nbmg-ufen"},{"vulnerability":"VCID-kqu8-8c1n-73hr"},{"vulnerability":"VCID-ks1q-a8x2-uqht"},{"vulnerability":"VCID-m3nc-xbb4-yubr"},{"vulnerability":"VCID-n18b-qe5x-z7cj"},{"vulnerability":"VCID-n326-yy8y-xuap"},{"vulnerability":"VCID-nhjv-nke2-2kf8"},{"vulnerability":"VCID-nqqc-nkwq-rqhx"},{"vulnerability":"VCID-nvbp-pbjw-3qgx"},{"vulnerability":"VCID-p7gd-anw2-1qbz"},{"vulnerability":"VCID-q5f3-nhjn-hyb4"},{"vulnerability":"VCID-qek9-g3h8-nfdz"},{"vulnerability":"VCID-rae3-cugy-hbh5"},{"vulnerability":"VCID-rs13-zf7b-mka7"},{"vulnerability":"VCID-s4re-vww7-sugb"},{"vulnerability":"VCID-s97a-nmk8-y3ay"},{"vulnerability":"VCID-sdz8-hju8-4bcb"},{"vulnerability":"VCID-sn8n-mawq-3uht"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-
u37d-tqqe-n7d4"},{"vulnerability":"VCID-u4tq-8qnk-5fd7"},{"vulnerability":"VCID-u6h1-ccgw-jqds"},{"vulnerability":"VCID-ub3e-hrb1-wqac"},{"vulnerability":"VCID-v2qy-dbf2-bffn"},{"vulnerability":"VCID-vq15-t92r-5bhx"},{"vulnerability":"VCID-w58p-3wg1-7ycr"},{"vulnerability":"VCID-w65h-8a9d-ckgj"},{"vulnerability":"VCID-wk4s-4bcd-2yb5"},{"vulnerability":"VCID-wms8-dnuz-b3hc"},{"vulnerability":"VCID-x175-xjek-97ds"},{"vulnerability":"VCID-xpxg-qq49-b7fd"},{"vulnerability":"VCID-xt7m-u9eb-fyd9"},{"vulnerability":"VCID-xw1s-93bu-wuh9"},{"vulnerability":"VCID-y1ap-y4az-x7ec"},{"vulnerability":"VCID-yn6z-9v7k-x7br"},{"vulnerability":"VCID-ys6f-g39p-fkfc"},{"vulnerability":"VCID-zhvz-jzf3-2uac"},{"vulnerability":"VCID-zru2-9g25-77dc"},{"vulnerability":"VCID-zrz3-3dnf-tbay"},{"vulnerability":"VCID-zybp-mb3d-jyee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.9"},{"url":"http://public2.vulnerablecode.io/api/packages/52099?format=json","purl":"pkg:composer/typo3/cms@7.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1u4r-r97q-3yfk"},{"vulnerability":"VCID-28fn-ncj5-2ufk"},{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-2rmv-a83x-9ka8"},{"vulnerability":"VCID-3ugj-6m1e-e3hr"},{"vulnerability":"VCID-5hm4-ms5p-uuae"},{"vulnerability":"VCID-5ru2-1n1f-afa4"},{"vulnerability":"VCID-66kh-c1dm-8fbf"},{"vulnerability":"VCID-7n9x-c9gs-9yb3"},{"vulnerability":"VCID-8jcy-3kje-fqeh"},{"vulnerability":"VCID-953t-q1cr-zyd6"},{"vulnerability":"VCID-9899-uxyb-73gg"},{"vulnerability":"VCID-abjx-8v46-d7d8"},{"vulnerability":"VCID-ansr-8m5j-pya6"},{"vulnerability":"VCID-c57c-akce-xufq"},{"vulnerability":"VCID-cgqm-1wwf-kbg6"},{"vulnerability":"VCID-dsqm-9q3e-dudw"},{"vulnerability":"VCID-dwjk-7sqh-hqa8"},{"vulnerability":"VCID-dyhd-5p1e-fya6"},{"vulnerability":"VCID-e1gr-txgg-fqa6"},{"vulnerability":"VCID-e1ms-4r4s-g7e7"},{"vulnerability":"VCID-e2bk-pfbe-puek"},{"vulnerability":"VCID-e82x-2cdb-7fgn"},{"vulnerab
ility":"VCID-ec17-eauu-67d3"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-fdnw-2tz5-4fdr"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-gpv4-4tpd-tbaa"},{"vulnerability":"VCID-hm4k-wbq3-r7ej"},{"vulnerability":"VCID-hp99-ncuh-6ugv"},{"vulnerability":"VCID-hsw8-nbs6-auaa"},{"vulnerability":"VCID-hyx9-8ae6-sba8"},{"vulnerability":"VCID-j6x1-dfre-2bdq"},{"vulnerability":"VCID-jp1p-rfxa-hyd9"},{"vulnerability":"VCID-jq5y-7h9g-mufa"},{"vulnerability":"VCID-jwb1-3sbg-kfa5"},{"vulnerability":"VCID-n18b-qe5x-z7cj"},{"vulnerability":"VCID-nhjv-nke2-2kf8"},{"vulnerability":"VCID-njsj-bwjq-fyap"},{"vulnerability":"VCID-nqqc-nkwq-rqhx"},{"vulnerability":"VCID-p576-w7dd-p3h7"},{"vulnerability":"VCID-p7gd-anw2-1qbz"},{"vulnerability":"VCID-q5f3-nhjn-hyb4"},{"vulnerability":"VCID-qcnh-z4zh-myaw"},{"vulnerability":"VCID-qek9-g3h8-nfdz"},{"vulnerability":"VCID-rae3-cugy-hbh5"},{"vulnerability":"VCID-rs13-zf7b-mka7"},{"vulnerability":"VCID-teby-zvvw-zkhv"},{"vulnerability":"VCID-tzpj-j3x1-ekgk"},{"vulnerability":"VCID-u6h1-ccgw-jqds"},{"vulnerability":"VCID-ub3e-hrb1-wqac"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-vq15-t92r-5bhx"},{"vulnerability":"VCID-w65h-8a9d-ckgj"},{"vulnerability":"VCID-wms8-dnuz-b3hc"},{"vulnerability":"VCID-xvyu-2hb8-8ufh"},{"vulnerability":"VCID-xw1s-93bu-wuh9"},{"vulnerability":"VCID-ys6f-g39p-fkfc"},{"vulnerability":"VCID-yz6t-ge1y-qfgr"},{"vulnerability":"VCID-zru2-9g25-77dc"},{"vulnerability":"VCID-zybp-mb3d-jyee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.0.2"}],"aliases":["CVE-2014-9509","GHSA-5479-gqqr-f9gj"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2f2m-tcjn-fyby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112412?format=json","vulnerability_id":"VCID-3c8n-x9h6-5ybw","summary":"Typo3 Install Tool XSS Vulnerability\nCross-site scripting 
(XSS) vulnerability in the Install Tool in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3531","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48313","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48249","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3531"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/78888"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3531","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3531"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"},{"reference_url":"http://www.debian.org/security/2012/dsa-2537","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2537"},{"reference_url":"http://www.openwall
.com/lists/oss-security/2012/08/22/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/08/22/8"},{"reference_url":"https://github.com/advisories/GHSA-p9wg-jvj4-cx26","reference_id":"GHSA-p9wg-jvj4-cx26","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-p9wg-jvj4-cx26"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63430?format=json","purl":"pkg:composer/typo3/cms@4.7.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4"}],"aliases":["CVE-2012-3531","GHSA-p9wg-jvj4-cx26"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3c8n-x9h6-5ybw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55094?format=json","vulnerability_id":"VCID-88un-etsg-2qas","summary":"ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting\nBecause TYPO3 CMS fails to properly validate the HTTP Host header, it is susceptible to host spoofing. TYPO3 uses the HTTP Host header to generate absolute URLs in several places, such as 404 handling, http(s) enforcement, password reset links and many more. Since the Host header itself is provided by the client, it can be forged to any value, even in a name-based virtual hosts environment. 
A blog post describes this problem in great detail.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-05-22-1.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-05-22-1.yaml"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://github.com/TYPO3/typo3/commit/32efb1b03573d51391126c90cd87c74b3dc457fb","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/commit/32efb1b03573d51391126c90cd87c74b3dc457fb"},{"reference_url":"https://github.com/TYPO3/typo3/commit/9bd777649e4022c89dbf39ca41988a594b5e94b8","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/commit/9bd777649e4022c89dbf39ca41988a594b5e94b8"},{"reference_url":"https://github.com/TYPO3/typo3/commit/c39bca9613c311dd12e61771dd311b1bb2283b8d","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual",
"scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/commit/c39bca9613c311dd12e61771dd311b1bb2283b8d"},{"reference_url":"https://github.com/TYPO3/typo3/commit/d554ac5323f3b0fac1fce4c2c491d0123badd669","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/commit/d554ac5323f3b0fac1fce4c2c491d0123badd669"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2014-001","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2014-001"},{"reference_url":"https://web.archive.org/web/20140531042943/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20140531042943/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001"},{"reference_url":"https://github.com/advisories/GHSA-mxjf-hc9v-xgv2","reference_id":"GHSA-mxjf-hc9v-xgv2","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mxjf-hc9v-xgv2"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62895?format=json","purl":"pkg:composer/typo3/cms@4.7.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19"},{"url":"http://
public2.vulnerablecode.io/api/packages/62897?format=json","purl":"pkg:composer/typo3/cms@6.1.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/51878?format=json","purl":"pkg:composer/typo3/cms@6.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ef6-uy9t-mqcu"},{"vulnerability":"VCID-1efr-h9gq-r7h1"},{"vulnerability":"VCID-1u4r-r97q-3yfk"},{"vulnerability":"VCID-1usv-hs5c-akb2"},{"vulnerability":"VCID-2f2m-tcjn-fyby"},{"vulnerability":"VCID-2r7u-mc45-8yhe"},{"vulnerability":"VCID-39jx-muqb-nkfq"},{"vulnerability":"VCID-3ump-aca5-g7b6"},{"vulnerability":"VCID-4wnp-gusy-43b8"},{"vulnerability":"VCID-5dxs-cdht-27hw"},{"vulnerability":"VCID-5hm4-ms5p-uuae"},{"vulnerability":"VCID-5ppx-p8eq-mbgk"},{"vulnerability":"VCID-5ru2-1n1f-afa4"},{"vulnerability":"VCID-6su8-bbrw-hbhp"},{"vulnerability":"VCID-6u6t-uy5y-5fd6"},{"vulnerability":"VCID-727q-h3ey-6yc9"},{"vulnerability":"VCID-7n9x-c9gs-9yb3"},{"vulnerability":"VCID-83y4-7q4j-h7f8"},{"vulnerability":"VCID-8jcy-3kje-fqeh"},{"vulnerability":"VCID-8p64-6zpt-t3av"},{"vulnerability":"VCID-8vum-snng-jfcv"},{"vulnerability":"VCID-95wn-6r9b-q7et"},{"vulnerability":"VCID-9899-uxyb-73gg"},{"vulnerability":"VCID-a1kt-str6-rqec"},{"vulnerability":"VCID-ansr-8m5j-pya6"},{"vulnerability":"VCID-bstt-ybrs-5ua3"},{"vulnerability":"VCID-c57c-akce-xufq"},{"vulnerability":"VCID-cgqm-1wwf-kbg6"},{"vulnerability":"VCID-dd9u-w2y2-87h9"},{"vulnerability":"VCID-dw8z-wtph-skey"},{"vulnerability":"VCID-dwjk-7sqh-hqa8"},{"vulnerability":"VCID-dyhd-5p1e-fya6"},{"vulnerability":"VCID-e1gr-txgg-fqa6"},{"vulnerability":"VCID-e1ms-4r4s-g7e7"},{"vulnerability":"VCID-e2bk-pfbe-puek"},{"vulnerability":"VCID-e82x-2cdb-7fgn"},{"vulnerability":"VCID-ebku-sk43-m7bf"},{"vulnerability":"VCID-ec17-eauu-67d3"},{"vulnerability":"VCID-ekvp-u4kk-kqdd"},{"vulnerability":"VCID-eutz-mj58-audb
"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-exjy-5cyn-zfg1"},{"vulnerability":"VCID-fgn1-hswd-ekdf"},{"vulnerability":"VCID-fgqa-5fx9-nkaz"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-g7mm-vjbw-bbhd"},{"vulnerability":"VCID-g9ns-sxkx-aqh1"},{"vulnerability":"VCID-gbdn-7ce2-zuf7"},{"vulnerability":"VCID-h217-xe8x-nua3"},{"vulnerability":"VCID-h7hf-sf2q-73ay"},{"vulnerability":"VCID-hm4k-wbq3-r7ej"},{"vulnerability":"VCID-huxd-2e6q-abak"},{"vulnerability":"VCID-hzma-cduk-3uhp"},{"vulnerability":"VCID-j6x1-dfre-2bdq"},{"vulnerability":"VCID-jbkw-4x2d-fqcp"},{"vulnerability":"VCID-jenc-czvj-g3gw"},{"vulnerability":"VCID-jeqr-9tfu-f7b2"},{"vulnerability":"VCID-jf28-91be-6kbr"},{"vulnerability":"VCID-jmea-qzsr-wkf4"},{"vulnerability":"VCID-jn38-wfec-7bb2"},{"vulnerability":"VCID-jx9x-wxwq-5khx"},{"vulnerability":"VCID-kj76-rsr8-yqb3"},{"vulnerability":"VCID-kp2p-nbmg-ufen"},{"vulnerability":"VCID-kqu8-8c1n-73hr"},{"vulnerability":"VCID-ks1q-a8x2-uqht"},{"vulnerability":"VCID-m3nc-xbb4-yubr"},{"vulnerability":"VCID-n18b-qe5x-z7cj"},{"vulnerability":"VCID-n326-yy8y-xuap"},{"vulnerability":"VCID-nhjv-nke2-2kf8"},{"vulnerability":"VCID-nqqc-nkwq-rqhx"},{"vulnerability":"VCID-nvbp-pbjw-3qgx"},{"vulnerability":"VCID-p7gd-anw2-1qbz"},{"vulnerability":"VCID-q5f3-nhjn-hyb4"},{"vulnerability":"VCID-qek9-g3h8-nfdz"},{"vulnerability":"VCID-r6hu-hvdh-abb1"},{"vulnerability":"VCID-rae3-cugy-hbh5"},{"vulnerability":"VCID-rs13-zf7b-mka7"},{"vulnerability":"VCID-s4re-vww7-sugb"},{"vulnerability":"VCID-s97a-nmk8-y3ay"},{"vulnerability":"VCID-sdz8-hju8-4bcb"},{"vulnerability":"VCID-sn8n-mawq-3uht"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-u37d-tqqe-n7d4"},{"vulnerability":"VCID-u4tq-8qnk-5fd7"},{"vulnerability":"VCID-u6h1-ccgw-jqds"},{"vulnerability":"VCID-ub3e-hrb1-wqac"},{"vulnerability":"VCID-v2qy-dbf2-bffn"},{"vulnerability":"VCID-vq15-t92r-5bhx"},{"vulnerability":"VCID-w58p-3wg1-7ycr"},{"vulnerability":"VCID-w65h-8a9d-ckgj
"},{"vulnerability":"VCID-wk4s-4bcd-2yb5"},{"vulnerability":"VCID-wms8-dnuz-b3hc"},{"vulnerability":"VCID-x175-xjek-97ds"},{"vulnerability":"VCID-xpxg-qq49-b7fd"},{"vulnerability":"VCID-xt7m-u9eb-fyd9"},{"vulnerability":"VCID-xw1s-93bu-wuh9"},{"vulnerability":"VCID-y1ap-y4az-x7ec"},{"vulnerability":"VCID-yn6z-9v7k-x7br"},{"vulnerability":"VCID-ys6f-g39p-fkfc"},{"vulnerability":"VCID-zhvz-jzf3-2uac"},{"vulnerability":"VCID-zpxz-291y-x3c7"},{"vulnerability":"VCID-zru2-9g25-77dc"},{"vulnerability":"VCID-zrz3-3dnf-tbay"},{"vulnerability":"VCID-zybp-mb3d-jyee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.3"}],"aliases":["GHSA-mxjf-hc9v-xgv2"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-88un-etsg-2qas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55084?format=json","vulnerability_id":"VCID-a1kt-str6-rqec","summary":"TYPO3 Arbitrary Shell Execution in Swiftmailer library\nThe swiftmailer library in use allows to execute arbitrary shell commands if the \"From\" header comes from a non-trusted source and no \"Return-Path\" is configured. Affected are only TYPO3 installation the configuration option\n```\n$GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport']\n```\nis set to \"sendmail\". 
Installations with the default configuration are not affected.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-10-22-2.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2014-10-22-2.yaml"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://github.com/TYPO3/typo3/commit/313c4bba53dd78803a9ee97c1f6f1d450a521521","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/commit/313c4bba53dd78803a9ee97c1f6f1d450a521521"},{"reference_url":"https://github.com/TYPO3/typo3/commit/6af37574e063929eaab066dd9920b1fa8815da12","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/commit/6af37574e063929eaab066dd9920b1fa8815da12"},{"reference_url":"https://github.com/TYPO3/typo3/commit/dbdd9f22b7cebf43f2e4abdb2a6a8a9f32af8f61","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_
elements":""}],"url":"https://github.com/TYPO3/typo3/commit/dbdd9f22b7cebf43f2e4abdb2a6a8a9f32af8f61"},{"reference_url":"https://github.com/TYPO3/typo3/commit/ead183c5acf25b7e1121adee5a5860bd9b5f05a2","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3/commit/ead183c5acf25b7e1121adee5a5860bd9b5f05a2"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2014-002","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2014-002"},{"reference_url":"https://github.com/advisories/GHSA-45xg-4w5x-j429","reference_id":"GHSA-45xg-4w5x-j429","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-45xg-4w5x-j429"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/81680?format=json","purl":"pkg:composer/typo3/cms@4.7.20","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f2m-tcjn-fyby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.20"},{"url":"http://public2.vulnerablecode.io/api/packages/81679?format=json","purl":"pkg:composer/typo3/cms@6.1.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f2m-tcjn-fyby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.12"},{"url":"http://public2.vulnerablecode.io/api/packages/51995?format=json","purl":"pkg:composer/typo3/cms@6.2.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ef6-uy9t-mqcu"},{"vulnerability":"VCI
D-1efr-h9gq-r7h1"},{"vulnerability":"VCID-1u4r-r97q-3yfk"},{"vulnerability":"VCID-1usv-hs5c-akb2"},{"vulnerability":"VCID-2f2m-tcjn-fyby"},{"vulnerability":"VCID-2r7u-mc45-8yhe"},{"vulnerability":"VCID-39jx-muqb-nkfq"},{"vulnerability":"VCID-4wnp-gusy-43b8"},{"vulnerability":"VCID-5dxs-cdht-27hw"},{"vulnerability":"VCID-5hm4-ms5p-uuae"},{"vulnerability":"VCID-5ppx-p8eq-mbgk"},{"vulnerability":"VCID-5ru2-1n1f-afa4"},{"vulnerability":"VCID-6su8-bbrw-hbhp"},{"vulnerability":"VCID-6u6t-uy5y-5fd6"},{"vulnerability":"VCID-727q-h3ey-6yc9"},{"vulnerability":"VCID-7n9x-c9gs-9yb3"},{"vulnerability":"VCID-83y4-7q4j-h7f8"},{"vulnerability":"VCID-8jcy-3kje-fqeh"},{"vulnerability":"VCID-8p64-6zpt-t3av"},{"vulnerability":"VCID-8vum-snng-jfcv"},{"vulnerability":"VCID-95wn-6r9b-q7et"},{"vulnerability":"VCID-9899-uxyb-73gg"},{"vulnerability":"VCID-ansr-8m5j-pya6"},{"vulnerability":"VCID-bstt-ybrs-5ua3"},{"vulnerability":"VCID-c57c-akce-xufq"},{"vulnerability":"VCID-cgqm-1wwf-kbg6"},{"vulnerability":"VCID-dd9u-w2y2-87h9"},{"vulnerability":"VCID-dw8z-wtph-skey"},{"vulnerability":"VCID-dwjk-7sqh-hqa8"},{"vulnerability":"VCID-dyhd-5p1e-fya6"},{"vulnerability":"VCID-e1gr-txgg-fqa6"},{"vulnerability":"VCID-e1ms-4r4s-g7e7"},{"vulnerability":"VCID-e2bk-pfbe-puek"},{"vulnerability":"VCID-e82x-2cdb-7fgn"},{"vulnerability":"VCID-ebku-sk43-m7bf"},{"vulnerability":"VCID-ec17-eauu-67d3"},{"vulnerability":"VCID-ekvp-u4kk-kqdd"},{"vulnerability":"VCID-eutz-mj58-audb"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-exjy-5cyn-zfg1"},{"vulnerability":"VCID-fgqa-5fx9-nkaz"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-g7mm-vjbw-bbhd"},{"vulnerability":"VCID-g9ns-sxkx-aqh1"},{"vulnerability":"VCID-gbdn-7ce2-zuf7"},{"vulnerability":"VCID-h217-xe8x-nua3"},{"vulnerability":"VCID-h7hf-sf2q-73ay"},{"vulnerability":"VCID-hm4k-wbq3-r7ej"},{"vulnerability":"VCID-huxd-2e6q-abak"},{"vulnerability":"VCID-hzma-cduk-3uhp"},{"vulnerability":"VCID-j6x1-dfre-2bdq"},{"vulnerability":"VCI
D-jbkw-4x2d-fqcp"},{"vulnerability":"VCID-jenc-czvj-g3gw"},{"vulnerability":"VCID-jeqr-9tfu-f7b2"},{"vulnerability":"VCID-jf28-91be-6kbr"},{"vulnerability":"VCID-jmea-qzsr-wkf4"},{"vulnerability":"VCID-jn38-wfec-7bb2"},{"vulnerability":"VCID-jx9x-wxwq-5khx"},{"vulnerability":"VCID-kj76-rsr8-yqb3"},{"vulnerability":"VCID-kp2p-nbmg-ufen"},{"vulnerability":"VCID-kqu8-8c1n-73hr"},{"vulnerability":"VCID-ks1q-a8x2-uqht"},{"vulnerability":"VCID-m3nc-xbb4-yubr"},{"vulnerability":"VCID-n18b-qe5x-z7cj"},{"vulnerability":"VCID-n326-yy8y-xuap"},{"vulnerability":"VCID-nhjv-nke2-2kf8"},{"vulnerability":"VCID-nqqc-nkwq-rqhx"},{"vulnerability":"VCID-nvbp-pbjw-3qgx"},{"vulnerability":"VCID-p7gd-anw2-1qbz"},{"vulnerability":"VCID-q5f3-nhjn-hyb4"},{"vulnerability":"VCID-qek9-g3h8-nfdz"},{"vulnerability":"VCID-r6hu-hvdh-abb1"},{"vulnerability":"VCID-rae3-cugy-hbh5"},{"vulnerability":"VCID-rs13-zf7b-mka7"},{"vulnerability":"VCID-s4re-vww7-sugb"},{"vulnerability":"VCID-s97a-nmk8-y3ay"},{"vulnerability":"VCID-sdz8-hju8-4bcb"},{"vulnerability":"VCID-sn8n-mawq-3uht"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-u37d-tqqe-n7d4"},{"vulnerability":"VCID-u4tq-8qnk-5fd7"},{"vulnerability":"VCID-u6h1-ccgw-jqds"},{"vulnerability":"VCID-ub3e-hrb1-wqac"},{"vulnerability":"VCID-v2qy-dbf2-bffn"},{"vulnerability":"VCID-vq15-t92r-5bhx"},{"vulnerability":"VCID-w58p-3wg1-7ycr"},{"vulnerability":"VCID-w65h-8a9d-ckgj"},{"vulnerability":"VCID-wk4s-4bcd-2yb5"},{"vulnerability":"VCID-wms8-dnuz-b3hc"},{"vulnerability":"VCID-x175-xjek-97ds"},{"vulnerability":"VCID-xpxg-qq49-b7fd"},{"vulnerability":"VCID-xt7m-u9eb-fyd9"},{"vulnerability":"VCID-xw1s-93bu-wuh9"},{"vulnerability":"VCID-y1ap-y4az-x7ec"},{"vulnerability":"VCID-yn6z-9v7k-x7br"},{"vulnerability":"VCID-ys6f-g39p-fkfc"},{"vulnerability":"VCID-zhvz-jzf3-2uac"},{"vulnerability":"VCID-zru2-9g25-77dc"},{"vulnerability":"VCID-zrz3-3dnf-tbay"},{"vulnerability":"VCID-zybp-mb3d-jyee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pk
g:composer/typo3/cms@6.2.6"}],"aliases":["GHSA-45xg-4w5x-j429"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a1kt-str6-rqec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/110997?format=json","vulnerability_id":"VCID-dz2n-vpss-zqe9","summary":"TYPO3 allows remote authenticated backend users to unserialize arbitrary objects\nview_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a \"missing signature (HMAC).\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3527","reference_id":"","reference_type":"","scores":[{"value":"0.02065","scoring_system":"epss","scoring_elements":"0.8424","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02065","scoring_system":"epss","scoring_elements":"0.84263","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3527"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77791","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77791"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3527","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3527"},{"reference_url":"https://web.archive.org/web/20120817233148/http://typo3.org/teams/security/security-bullet
ins/typo3-core/typo3-core-sa-2012-004","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120817233148/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004"},{"reference_url":"http://www.debian.org/security/2012/dsa-2537","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2537"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/08/22/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/08/22/8"},{"reference_url":"https://github.com/advisories/GHSA-m4hw-r893-xh4g","reference_id":"GHSA-m4hw-r893-xh4g","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m4hw-r893-xh4g"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63430?format=json","purl":"pkg:composer/typo3/cms@4.7.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4"}],"aliases":["CVE-2012-3527","GHSA-m4hw-r893-xh4g"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dz2n-vpss-zqe9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111039?format=json","vulnerability_id":"VCID-emf6-2wa5-2yc7","summary":"Typo3 Backend History Module Vulnerable to XSS\nCross-site scripting (XSS) vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified 
vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6145","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41383","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41458","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6145"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79965","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79965"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6145","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6145"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/06/19/4","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/06/19/4"},{"reference_url":"https://github.com/advisories/GHSA-w563-rq37-cvq5","reference_id":"GHSA-w563-rq37-cvq5","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-w563-rq37-cvq5"}],"fixed_packages":[{"url":"htt
p://public2.vulnerablecode.io/api/packages/63427?format=json","purl":"pkg:composer/typo3/cms@4.7.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6"}],"aliases":["CVE-2012-6145","GHSA-w563-rq37-cvq5"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-emf6-2wa5-2yc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112338?format=json","vulnerability_id":"VCID-j4zg-ekjr-jycg","summary":"TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component\nMultiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.","references":[{"reference_url":"http://osvdb.org/100881","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://osvdb.org/100881"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7074","reference_id":"","reference_type":"","scores":[{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56645","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00335","scoring_system":"epss","scoring_elements":"0.56593","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074","reference_id":""
,"reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/473","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2013/q4/473"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/487","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2013/q4/487"},{"reference_url":
"https://exchange.xforce.ibmcloud.com/vulnerabilities/89620","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/89620"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7074","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7074"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"},{"reference_url":"http://www.debian.org/security/2014/dsa-2834","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2834"},{"reference_url":"http://www.securityfocus.com/bid/64245","reference_id":"","reference_type":"","scores":[{"value":"3.0","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/
AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securityfocus.com/bid/64245"},{"reference_url":"https://github.com/advisories/GHSA-r8m7-792j-5jvq","reference_id":"GHSA-r8m7-792j-5jvq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r8m7-792j-5jvq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63485?format=json","purl":"pkg:composer/typo3/cms@4.7.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/63486?format=json","purl":"pkg:composer/typo3/cms@6.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/63487?format=json","purl":"pkg:composer/typo3/cms@6.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.7"}],"aliases":["CVE-2013-7074","GHSA-r8m7-792j-5jvq"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j4zg-ekjr-jycg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111462?format=json","vulnerability_id":"VCID-jppr-qkg2-ebc9","summary":"TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component\nThe Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a \"missing 
signature.\"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7075","reference_id":"","reference_type":"","scores":[{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61556","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00408","scoring_system":"epss","scoring_elements":"0.61507","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/
cvename.cgi?name=CVE-2013-7081"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/473","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2013/q4/473"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7075","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7075"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2834","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"},{"value":"MODERATE","scoring_
system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2834"},{"reference_url":"https://github.com/advisories/GHSA-47ww-mq32-g4xw","reference_id":"GHSA-47ww-mq32-g4xw","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-47ww-mq32-g4xw"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63485?format=json","purl":"pkg:composer/typo3/cms@4.7.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/63486?format=json","purl":"pkg:composer/typo3/cms@6.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/63487?format=json","purl":"pkg:composer/typo3/cms@6.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.7"}],"aliases":["CVE-2013-7075","GHSA-47ww-mq32-g4xw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jppr-qkg2-ebc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111536?format=json","vulnerability_id":"VCID-ksmp-ds38-z3dd","summary":"Typo3 Exception Handler XSS\nCross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception 
messages.","references":[{"reference_url":"http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html"},{"reference_url":"http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2112","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66457","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66498","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2112"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74920","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74920"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2112","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2112"},{"reference_url":"https://web.archive.org/web/20120421201555/http://www.securityfocus.com/bid/53047","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120421201555/http://www.securityfocus.com/bid/53047"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002","reference_id":"","reference_type":"","scores":[{"value
":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/"},{"reference_url":"http://www.debian.org/security/2012/dsa-2455","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2455"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/04/17/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/04/17/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/04/18/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/04/18/1"},{"reference_url":"https://github.com/advisories/GHSA-qfr3-29w6-hwpg","reference_id":"GHSA-qfr3-29w6-hwpg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qfr3-29w6-hwpg"}],"fixed_packages":[],"aliases":["CVE-2012-2112","GHSA-qfr3-29w6-hwpg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ksmp-ds38-z3dd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44113?format=json","vulnerability_id":"VCID-mebb-nda6-fbfk","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nIncomplete block list vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows 
remote attackers to conduct cross-site scripting (XSS) attacks via certain HTML5 JavaScript events.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3530","reference_id":"","reference_type":"","scores":[{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69071","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00573","scoring_system":"epss","scoring_elements":"0.69111","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3530"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77794","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77794"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"},{"reference_url":"http://www.debian.org/security/2012/dsa-2537","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2537"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/08/22/8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2012/08/22/8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3530","reference_id":"CVE-2012-3530","reference_type":"","sc
ores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3530"},{"reference_url":"https://github.com/advisories/GHSA-94c2-g68f-9r98","reference_id":"GHSA-94c2-g68f-9r98","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-94c2-g68f-9r98"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63430?format=json","purl":"pkg:composer/typo3/cms@4.7.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4"}],"aliases":["CVE-2012-3530","GHSA-94c2-g68f-9r98"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mebb-nda6-fbfk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111747?format=json","vulnerability_id":"VCID-n8w2-c67q-fkd5","summary":"Typo3 Backend XSS Vulnerability\nMultiple cross-site scripting (XSS) vulnerabilities in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified 
vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3528","reference_id":"","reference_type":"","scores":[{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.6729","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00522","scoring_system":"epss","scoring_elements":"0.67249","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3528"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77792","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/77792"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3528","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3528"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/"},{"reference_url":"http://www.debian.org/security/2012/dsa-2537","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2537"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/08/22/8","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/201
2/08/22/8"},{"reference_url":"https://github.com/advisories/GHSA-7w6c-5pr4-7qvp","reference_id":"GHSA-7w6c-5pr4-7qvp","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-7w6c-5pr4-7qvp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63430?format=json","purl":"pkg:composer/typo3/cms@4.7.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.4"}],"aliases":["CVE-2012-3528","GHSA-7w6c-5pr4-7qvp"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8w2-c67q-fkd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44139?format=json","vulnerability_id":"VCID-nx7p-v66a-vfg1","summary":"TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component\nThe Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified 
parameters.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7073","reference_id":"","reference_type":"","scores":[{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.51201","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00275","scoring_system":"epss","scoring_elements":"0.5114","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-b
in/cvename.cgi?name=CVE-2013-7074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/473","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2013/q4/473"},{"reference_url":"http://seclists.org/oss-sec/2013/q4/487","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2013/q4/487"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","refer
ence_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"},{"reference_url":"http://www.debian.org/security/2014/dsa-2834","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2834"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7073","reference_id":"CVE-2013-7073","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-7073"},{"reference_url":"https://github.com/advisories/GHSA-4rpv-g4gq-rh4m","reference_id":"GHSA-4rpv-g4gq-rh4m","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4rpv-g4gq-rh4m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63485?format=json","purl":"pkg:composer/typo3/cms@4.7.17","is_vul
nerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/63486?format=json","purl":"pkg:composer/typo3/cms@6.0.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.12"},{"url":"http://public2.vulnerablecode.io/api/packages/63487?format=json","purl":"pkg:composer/typo3/cms@6.1.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.7"}],"aliases":["CVE-2013-7073","GHSA-4rpv-g4gq-rh4m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nx7p-v66a-vfg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44112?format=json","vulnerability_id":"VCID-ra42-mjmq-cfa6","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nSQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified 
vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6144","reference_id":"","reference_type":"","scores":[{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69679","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00595","scoring_system":"epss","scoring_elements":"0.69719","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6144"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79964","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79964"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/06/19/4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/06/19/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6144","reference_id":"CVE-2012-6144","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6144"},{"reference_url":"https://github.com/advisories/GHSA-947m-vgqc-x6v4","reference_id":"GHSA-947m-vgqc-x6v4","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-947m-vgqc-x6v4
"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63427?format=json","purl":"pkg:composer/typo3/cms@4.7.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6"}],"aliases":["CVE-2012-6144","GHSA-947m-vgqc-x6v4"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ra42-mjmq-cfa6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111509?format=json","vulnerability_id":"VCID-t9q4-xnmg-p3hz","summary":"Typo3 Backend API XSS Vulnerability\nCross-site scripting (XSS) vulnerability in the tree render API (TCA-Tree) in the Backend API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6147","reference_id":"","reference_type":"","scores":[{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41458","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41383","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6147"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79967","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79967"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6147","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_el
ements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6147"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/06/19/4","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2013/06/19/4"},{"reference_url":"https://github.com/advisories/GHSA-qmmw-ch2q-j6xx","reference_id":"GHSA-qmmw-ch2q-j6xx","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qmmw-ch2q-j6xx"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63427?format=json","purl":"pkg:composer/typo3/cms@4.7.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6"}],"aliases":["CVE-2012-6147","GHSA-qmmw-ch2q-j6xx"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t9q4-xnmg-p3hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/111984?format=json","vulnerability_id":"VCID-ue3u-mrsa-3yd2","summary":"Typo3 Backend History Module Vulnerable to XSS\nThe Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted 
URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6146","reference_id":"","reference_type":"","scores":[{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.38832","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00176","scoring_system":"epss","scoring_elements":"0.3892","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6146"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6146","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6146"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"},{"reference_url":"https://github.com/advisories/GHSA-2hp4-8h6h-93rr","reference_id":"GHSA-2hp4-8h6h-93rr","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-2hp4-8h6h-93rr"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63427?format=json","purl":"pkg:composer/typo3/cms@4.7.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6"}],"aliases":["CVE-2012-6146","GHSA-2hp4-8h6h-93rr"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ue3u-mrsa-3yd2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43798?format=jso
n","vulnerability_id":"VCID-wasp-gawc-cbca","summary":"TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code\nThe Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3942","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63636","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63594","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20
14-3944"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946"},{"reference_url":"https://github.com/TYPO3/typo3","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/TYPO3/typo3"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2014-001","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2014-001"},{"reference_url":"http://www.debian.org/security/2014/dsa-2942","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2942"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/06/03/2","reference_id":"","reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/06/03/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3942","reference_id":"CVE-2014-3942"
,"reference_type":"","scores":[{"value":"8.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3942"},{"reference_url":"https://github.com/advisories/GHSA-55g3-fjwm-w2c8","reference_id":"GHSA-55g3-fjwm-w2c8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-55g3-fjwm-w2c8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62895?format=json","purl":"pkg:composer/typo3/cms@4.7.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19"},{"url":"http://public2.vulnerablecode.io/api/packages/62896?format=json","purl":"pkg:composer/typo3/cms@6.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f2m-tcjn-fyby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/62897?format=json","purl":"pkg:composer/typo3/cms@6.1.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9"}],"aliases":["CVE-2014-3942","GHSA-55g3-fjwm-w2c8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wasp-gawc-cbca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/112160?format=json","vulnerability_id":"VCID-wzje-a1jd-2bgx","summary":"Typo3 Function Menu API XSS Vulnerability\nCross-site scripting (XSS) vulnerability in the function menu API in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified 
vectors.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6148","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45169","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45237","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6148"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79968","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/79968"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6148","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6148"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/","reference_id":"","reference_type":"","scores":[],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/"},{"reference_url":"https://github.com/advisories/GHSA-rgf6-9q7g-55qg","reference_id":"GHSA-rgf6-9q7g-55qg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-rgf6-9q7g-55qg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/63427?format=json","purl":"pkg:composer/typo3/cms@4.7.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.6"}],"aliases":["CVE-2
012-6148","GHSA-rgf6-9q7g-55qg"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wzje-a1jd-2bgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43930?format=json","vulnerability_id":"VCID-yphc-ujay-7fcs","summary":"Typo3 Host Header Spoofing Vulnerability\nTYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to \"Host Spoofing.\"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3941","reference_id":"","reference_type":"","scores":[{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51314","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00276","scoring_system":"epss","scoring_elements":"0.51253","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941","reference_id":"","reference_type":"","s
cores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946"},{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001"},{"reference_url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001"},{"reference_url":"http://www.debian.org/security/2014/dsa-2942","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-2942"},{"reference_url":"http:
//www.openwall.com/lists/oss-security/2014/06/03/2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/06/03/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3941","reference_id":"CVE-2014-3941","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3941"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3941.yaml","reference_id":"CVE-2014-3941.YAML","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3941.yaml"},{"reference_url":"https://github.com/advisories/GHSA-594h-cx6w-p4jf","reference_id":"GHSA-594h-cx6w-p4jf","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-594h-cx6w-p4jf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62895?format=json","purl":"pkg:composer/typo3/cms@4.7.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19"},{"url":"http://public2.vulnerablecode.io/api/packages/62896?format=json","purl":"pkg:composer/typo3/cms@6.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f2m-tcjn-fyby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/62897?format=json","purl":"pkg:composer/typo3/cms@6.1.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/51878?format=json","purl":"pkg:composer/typo3/cms@6.2.3","
is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ef6-uy9t-mqcu"},{"vulnerability":"VCID-1efr-h9gq-r7h1"},{"vulnerability":"VCID-1u4r-r97q-3yfk"},{"vulnerability":"VCID-1usv-hs5c-akb2"},{"vulnerability":"VCID-2f2m-tcjn-fyby"},{"vulnerability":"VCID-2r7u-mc45-8yhe"},{"vulnerability":"VCID-39jx-muqb-nkfq"},{"vulnerability":"VCID-3ump-aca5-g7b6"},{"vulnerability":"VCID-4wnp-gusy-43b8"},{"vulnerability":"VCID-5dxs-cdht-27hw"},{"vulnerability":"VCID-5hm4-ms5p-uuae"},{"vulnerability":"VCID-5ppx-p8eq-mbgk"},{"vulnerability":"VCID-5ru2-1n1f-afa4"},{"vulnerability":"VCID-6su8-bbrw-hbhp"},{"vulnerability":"VCID-6u6t-uy5y-5fd6"},{"vulnerability":"VCID-727q-h3ey-6yc9"},{"vulnerability":"VCID-7n9x-c9gs-9yb3"},{"vulnerability":"VCID-83y4-7q4j-h7f8"},{"vulnerability":"VCID-8jcy-3kje-fqeh"},{"vulnerability":"VCID-8p64-6zpt-t3av"},{"vulnerability":"VCID-8vum-snng-jfcv"},{"vulnerability":"VCID-95wn-6r9b-q7et"},{"vulnerability":"VCID-9899-uxyb-73gg"},{"vulnerability":"VCID-a1kt-str6-rqec"},{"vulnerability":"VCID-ansr-8m5j-pya6"},{"vulnerability":"VCID-bstt-ybrs-5ua3"},{"vulnerability":"VCID-c57c-akce-xufq"},{"vulnerability":"VCID-cgqm-1wwf-kbg6"},{"vulnerability":"VCID-dd9u-w2y2-87h9"},{"vulnerability":"VCID-dw8z-wtph-skey"},{"vulnerability":"VCID-dwjk-7sqh-hqa8"},{"vulnerability":"VCID-dyhd-5p1e-fya6"},{"vulnerability":"VCID-e1gr-txgg-fqa6"},{"vulnerability":"VCID-e1ms-4r4s-g7e7"},{"vulnerability":"VCID-e2bk-pfbe-puek"},{"vulnerability":"VCID-e82x-2cdb-7fgn"},{"vulnerability":"VCID-ebku-sk43-m7bf"},{"vulnerability":"VCID-ec17-eauu-67d3"},{"vulnerability":"VCID-ekvp-u4kk-kqdd"},{"vulnerability":"VCID-eutz-mj58-audb"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-exjy-5cyn-zfg1"},{"vulnerability":"VCID-fgn1-hswd-ekdf"},{"vulnerability":"VCID-fgqa-5fx9-nkaz"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-g7mm-vjbw-bbhd"},{"vulnerability":"VCID-g9ns-sxkx-aqh1"},{"vulnerability":"VCID-gbdn-7ce2-zuf7"},{"vulnerability":"VCID-h217-x
e8x-nua3"},{"vulnerability":"VCID-h7hf-sf2q-73ay"},{"vulnerability":"VCID-hm4k-wbq3-r7ej"},{"vulnerability":"VCID-huxd-2e6q-abak"},{"vulnerability":"VCID-hzma-cduk-3uhp"},{"vulnerability":"VCID-j6x1-dfre-2bdq"},{"vulnerability":"VCID-jbkw-4x2d-fqcp"},{"vulnerability":"VCID-jenc-czvj-g3gw"},{"vulnerability":"VCID-jeqr-9tfu-f7b2"},{"vulnerability":"VCID-jf28-91be-6kbr"},{"vulnerability":"VCID-jmea-qzsr-wkf4"},{"vulnerability":"VCID-jn38-wfec-7bb2"},{"vulnerability":"VCID-jx9x-wxwq-5khx"},{"vulnerability":"VCID-kj76-rsr8-yqb3"},{"vulnerability":"VCID-kp2p-nbmg-ufen"},{"vulnerability":"VCID-kqu8-8c1n-73hr"},{"vulnerability":"VCID-ks1q-a8x2-uqht"},{"vulnerability":"VCID-m3nc-xbb4-yubr"},{"vulnerability":"VCID-n18b-qe5x-z7cj"},{"vulnerability":"VCID-n326-yy8y-xuap"},{"vulnerability":"VCID-nhjv-nke2-2kf8"},{"vulnerability":"VCID-nqqc-nkwq-rqhx"},{"vulnerability":"VCID-nvbp-pbjw-3qgx"},{"vulnerability":"VCID-p7gd-anw2-1qbz"},{"vulnerability":"VCID-q5f3-nhjn-hyb4"},{"vulnerability":"VCID-qek9-g3h8-nfdz"},{"vulnerability":"VCID-r6hu-hvdh-abb1"},{"vulnerability":"VCID-rae3-cugy-hbh5"},{"vulnerability":"VCID-rs13-zf7b-mka7"},{"vulnerability":"VCID-s4re-vww7-sugb"},{"vulnerability":"VCID-s97a-nmk8-y3ay"},{"vulnerability":"VCID-sdz8-hju8-4bcb"},{"vulnerability":"VCID-sn8n-mawq-3uht"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-u37d-tqqe-n7d4"},{"vulnerability":"VCID-u4tq-8qnk-5fd7"},{"vulnerability":"VCID-u6h1-ccgw-jqds"},{"vulnerability":"VCID-ub3e-hrb1-wqac"},{"vulnerability":"VCID-v2qy-dbf2-bffn"},{"vulnerability":"VCID-vq15-t92r-5bhx"},{"vulnerability":"VCID-w58p-3wg1-7ycr"},{"vulnerability":"VCID-w65h-8a9d-ckgj"},{"vulnerability":"VCID-wk4s-4bcd-2yb5"},{"vulnerability":"VCID-wms8-dnuz-b3hc"},{"vulnerability":"VCID-x175-xjek-97ds"},{"vulnerability":"VCID-xpxg-qq49-b7fd"},{"vulnerability":"VCID-xt7m-u9eb-fyd9"},{"vulnerability":"VCID-xw1s-93bu-wuh9"},{"vulnerability":"VCID-y1ap-y4az-x7ec"},{"vulnerability":"VCID-yn6z-9v7k-x7br"},{"vulnerability":"VCID-ys6f-g
39p-fkfc"},{"vulnerability":"VCID-zhvz-jzf3-2uac"},{"vulnerability":"VCID-zpxz-291y-x3c7"},{"vulnerability":"VCID-zru2-9g25-77dc"},{"vulnerability":"VCID-zrz3-3dnf-tbay"},{"vulnerability":"VCID-zybp-mb3d-jyee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.3"}],"aliases":["CVE-2014-3941","GHSA-594h-cx6w-p4jf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yphc-ujay-7fcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43975?format=json","vulnerability_id":"VCID-zqe5-53je-mfaw","summary":"Typo3 XSS Vulnerabilities\nMultiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3943","reference_id":"","reference_type":"","scores":[{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43198","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00208","scoring_system":"epss","scoring_elements":"0.43123","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3941"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942","reference_id":"","reference_type":"","scores":[],"url":"
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3942"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3943"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3944"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3945"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3946"},{"reference_url":"https://typo3.org/security/advisory/typo3-core-sa-2014-001","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/security/advisory/typo3-core-sa-2014-001"},{"reference_url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001"},{"reference_url":"https://web.archive.org/web/20200229060129/http://www.securityfocus.com/bid/67625","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200229060129/http://www.securityfocus.com/bid/67625"},{"reference_url":"http://www.debian.org/security/2014/dsa-2942","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2014/dsa-
2942"},{"reference_url":"http://www.openwall.com/lists/oss-security/2014/06/03/2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2014/06/03/2"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3943","reference_id":"CVE-2014-3943","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3943"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3943.yaml","reference_id":"CVE-2014-3943.YAML","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2014-3943.yaml"},{"reference_url":"https://github.com/advisories/GHSA-qqh2-h6gw-6x8x","reference_id":"GHSA-qqh2-h6gw-6x8x","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-qqh2-h6gw-6x8x"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62895?format=json","purl":"pkg:composer/typo3/cms@4.7.19","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.19"},{"url":"http://public2.vulnerablecode.io/api/packages/62896?format=json","purl":"pkg:composer/typo3/cms@6.0.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2f2m-tcjn-fyby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.0.14"},{"url":"http://public2.vulnerablecode.io/api/packages/62897?format=json","purl":"pkg:composer/typo3/cms@6.1.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.1.9"},{"url":"http://public2.vulnerablecode.io/api/packages/51878?format=json","purl":"pkg:composer/typ
o3/cms@6.2.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ef6-uy9t-mqcu"},{"vulnerability":"VCID-1efr-h9gq-r7h1"},{"vulnerability":"VCID-1u4r-r97q-3yfk"},{"vulnerability":"VCID-1usv-hs5c-akb2"},{"vulnerability":"VCID-2f2m-tcjn-fyby"},{"vulnerability":"VCID-2r7u-mc45-8yhe"},{"vulnerability":"VCID-39jx-muqb-nkfq"},{"vulnerability":"VCID-3ump-aca5-g7b6"},{"vulnerability":"VCID-4wnp-gusy-43b8"},{"vulnerability":"VCID-5dxs-cdht-27hw"},{"vulnerability":"VCID-5hm4-ms5p-uuae"},{"vulnerability":"VCID-5ppx-p8eq-mbgk"},{"vulnerability":"VCID-5ru2-1n1f-afa4"},{"vulnerability":"VCID-6su8-bbrw-hbhp"},{"vulnerability":"VCID-6u6t-uy5y-5fd6"},{"vulnerability":"VCID-727q-h3ey-6yc9"},{"vulnerability":"VCID-7n9x-c9gs-9yb3"},{"vulnerability":"VCID-83y4-7q4j-h7f8"},{"vulnerability":"VCID-8jcy-3kje-fqeh"},{"vulnerability":"VCID-8p64-6zpt-t3av"},{"vulnerability":"VCID-8vum-snng-jfcv"},{"vulnerability":"VCID-95wn-6r9b-q7et"},{"vulnerability":"VCID-9899-uxyb-73gg"},{"vulnerability":"VCID-a1kt-str6-rqec"},{"vulnerability":"VCID-ansr-8m5j-pya6"},{"vulnerability":"VCID-bstt-ybrs-5ua3"},{"vulnerability":"VCID-c57c-akce-xufq"},{"vulnerability":"VCID-cgqm-1wwf-kbg6"},{"vulnerability":"VCID-dd9u-w2y2-87h9"},{"vulnerability":"VCID-dw8z-wtph-skey"},{"vulnerability":"VCID-dwjk-7sqh-hqa8"},{"vulnerability":"VCID-dyhd-5p1e-fya6"},{"vulnerability":"VCID-e1gr-txgg-fqa6"},{"vulnerability":"VCID-e1ms-4r4s-g7e7"},{"vulnerability":"VCID-e2bk-pfbe-puek"},{"vulnerability":"VCID-e82x-2cdb-7fgn"},{"vulnerability":"VCID-ebku-sk43-m7bf"},{"vulnerability":"VCID-ec17-eauu-67d3"},{"vulnerability":"VCID-ekvp-u4kk-kqdd"},{"vulnerability":"VCID-eutz-mj58-audb"},{"vulnerability":"VCID-ev4k-5k1d-2bhu"},{"vulnerability":"VCID-exjy-5cyn-zfg1"},{"vulnerability":"VCID-fgn1-hswd-ekdf"},{"vulnerability":"VCID-fgqa-5fx9-nkaz"},{"vulnerability":"VCID-fqkx-v8t5-q3h6"},{"vulnerability":"VCID-g7mm-vjbw-bbhd"},{"vulnerability":"VCID-g9ns-sxkx-aqh1"},{"vulnerability":"VCID-gbdn-7ce2-zuf7"},{"vulnerabilit
y":"VCID-h217-xe8x-nua3"},{"vulnerability":"VCID-h7hf-sf2q-73ay"},{"vulnerability":"VCID-hm4k-wbq3-r7ej"},{"vulnerability":"VCID-huxd-2e6q-abak"},{"vulnerability":"VCID-hzma-cduk-3uhp"},{"vulnerability":"VCID-j6x1-dfre-2bdq"},{"vulnerability":"VCID-jbkw-4x2d-fqcp"},{"vulnerability":"VCID-jenc-czvj-g3gw"},{"vulnerability":"VCID-jeqr-9tfu-f7b2"},{"vulnerability":"VCID-jf28-91be-6kbr"},{"vulnerability":"VCID-jmea-qzsr-wkf4"},{"vulnerability":"VCID-jn38-wfec-7bb2"},{"vulnerability":"VCID-jx9x-wxwq-5khx"},{"vulnerability":"VCID-kj76-rsr8-yqb3"},{"vulnerability":"VCID-kp2p-nbmg-ufen"},{"vulnerability":"VCID-kqu8-8c1n-73hr"},{"vulnerability":"VCID-ks1q-a8x2-uqht"},{"vulnerability":"VCID-m3nc-xbb4-yubr"},{"vulnerability":"VCID-n18b-qe5x-z7cj"},{"vulnerability":"VCID-n326-yy8y-xuap"},{"vulnerability":"VCID-nhjv-nke2-2kf8"},{"vulnerability":"VCID-nqqc-nkwq-rqhx"},{"vulnerability":"VCID-nvbp-pbjw-3qgx"},{"vulnerability":"VCID-p7gd-anw2-1qbz"},{"vulnerability":"VCID-q5f3-nhjn-hyb4"},{"vulnerability":"VCID-qek9-g3h8-nfdz"},{"vulnerability":"VCID-r6hu-hvdh-abb1"},{"vulnerability":"VCID-rae3-cugy-hbh5"},{"vulnerability":"VCID-rs13-zf7b-mka7"},{"vulnerability":"VCID-s4re-vww7-sugb"},{"vulnerability":"VCID-s97a-nmk8-y3ay"},{"vulnerability":"VCID-sdz8-hju8-4bcb"},{"vulnerability":"VCID-sn8n-mawq-3uht"},{"vulnerability":"VCID-tgyt-axv1-c7ag"},{"vulnerability":"VCID-u37d-tqqe-n7d4"},{"vulnerability":"VCID-u4tq-8qnk-5fd7"},{"vulnerability":"VCID-u6h1-ccgw-jqds"},{"vulnerability":"VCID-ub3e-hrb1-wqac"},{"vulnerability":"VCID-v2qy-dbf2-bffn"},{"vulnerability":"VCID-vq15-t92r-5bhx"},{"vulnerability":"VCID-w58p-3wg1-7ycr"},{"vulnerability":"VCID-w65h-8a9d-ckgj"},{"vulnerability":"VCID-wk4s-4bcd-2yb5"},{"vulnerability":"VCID-wms8-dnuz-b3hc"},{"vulnerability":"VCID-x175-xjek-97ds"},{"vulnerability":"VCID-xpxg-qq49-b7fd"},{"vulnerability":"VCID-xt7m-u9eb-fyd9"},{"vulnerability":"VCID-xw1s-93bu-wuh9"},{"vulnerability":"VCID-y1ap-y4az-x7ec"},{"vulnerability":"VCID-yn6z-9v7k-x7br"},{"vulnerabilit
y":"VCID-ys6f-g39p-fkfc"},{"vulnerability":"VCID-zhvz-jzf3-2uac"},{"vulnerability":"VCID-zpxz-291y-x3c7"},{"vulnerability":"VCID-zru2-9g25-77dc"},{"vulnerability":"VCID-zrz3-3dnf-tbay"},{"vulnerability":"VCID-zybp-mb3d-jyee"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.3"}],"aliases":["CVE-2014-3943","GHSA-qqh2-h6gw-6x8x"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zqe5-53je-mfaw"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@4.7.0"}