Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/typo3/cms-core@12.4.13

Type composer

Namespace typo3

Name cms-core

Version 12.4.13

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 12.4.41

Latest_non_vulnerable_version 14.3.3

Affected_by_vulnerabilities

url VCID-4hp8-5qeb-wyam

vulnerability_id VCID-4hp8-5qeb-wyam

summary TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, the backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower the protection against unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables password changes without additional authentication. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47938

reference_id

reference_type

scores

value	0.00158
scoring_system	epss
scoring_elements	0.3659
published_at	2026-06-14T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36601
published_at	2026-06-13T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36396
published_at	2026-06-11T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36577
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47938

reference_url

https://github.com/TYPO3-CMS/core/commit/b9a8bcb614ecdd42aa27e1c430c6213d6b6b20b3

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3-CMS/core/commit/b9a8bcb614ecdd42aa27e1c430c6213d6b6b20b3

reference_url

https://github.com/TYPO3-CMS/setup/commit/60572dd050d8d861921889a19599bfe045fed5fd

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3-CMS/setup/commit/60572dd050d8d861921889a19599bfe045fed5fd

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-47938

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-47938

reference_url

https://github.com/advisories/GHSA-3jrg-97f3-rqh9

reference_id

GHSA-3jrg-97f3-rqh9

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3jrg-97f3-rqh9

reference_url

https://github.com/TYPO3/typo3/security/advisories/GHSA-3jrg-97f3-rqh9

reference_id

GHSA-3jrg-97f3-rqh9

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T13:56:18Z/

url

https://github.com/TYPO3/typo3/security/advisories/GHSA-3jrg-97f3-rqh9

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2025-013

reference_id

typo3-core-sa-2025-013

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T13:56:18Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2025-013

fixed_packages

url pkg:composer/typo3/cms-core@12.4.31

purl pkg:composer/typo3/cms-core@12.4.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.31

url pkg:composer/typo3/cms-core@13.4.12

purl pkg:composer/typo3/cms-core@13.4.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.12

aliases CVE-2025-47938, GHSA-3jrg-97f3-rqh9

risk_score 1.7

exploitability 0.5

weighted_severity 3.4

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4hp8-5qeb-wyam

url VCID-9f74-pxxq-3qea

vulnerability_id VCID-9f74-pxxq-3qea

summary TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, failing to properly encode user-controlled values in file entities, the `ShowImageController` (`_eID tx_cms_showpic_`) is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to file entities. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-34357

reference_id

reference_type

scores

value	0.00634
scoring_system	epss
scoring_elements	0.70967
published_at	2026-06-14T12:55:00Z

value	0.00634
scoring_system	epss
scoring_elements	0.70866
published_at	2026-06-11T12:55:00Z

value	0.00634
scoring_system	epss
scoring_elements	0.70957
published_at	2026-06-12T12:55:00Z

value	0.00634
scoring_system	epss
scoring_elements	0.7097
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-34357

reference_url

https://github.com/TYPO3/typo3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3

reference_url

https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7

reference_id

376474904f6b9a54dc1b785a2e45277cbd13b0d7

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/

url

https://github.com/TYPO3/typo3/commit/376474904f6b9a54dc1b785a2e45277cbd13b0d7

reference_url

https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee

reference_id

b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/

url

https://github.com/TYPO3/typo3/commit/b31d05d1da3eeaeead2d19eb43b1c3f9c88e15ee

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-34357

reference_id

CVE-2024-34357

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-34357

reference_url

https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1

reference_id

d774642381354d3bf5095a5a26e18acd2767f0b1

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/

url

https://github.com/TYPO3/typo3/commit/d774642381354d3bf5095a5a26e18acd2767f0b1

reference_url

https://github.com/advisories/GHSA-hw6c-6gwq-3m3m

reference_id

GHSA-hw6c-6gwq-3m3m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hw6c-6gwq-3m3m

reference_url

https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m

reference_id

GHSA-hw6c-6gwq-3m3m

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/

url

https://github.com/TYPO3/typo3/security/advisories/GHSA-hw6c-6gwq-3m3m

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2024-009

reference_id

typo3-core-sa-2024-009

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:47:12Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2024-009

fixed_packages

url pkg:composer/typo3/cms-core@12.4.15

purl pkg:composer/typo3/cms-core@12.4.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4hp8-5qeb-wyam

vulnerability	VCID-9mh5-8n3y-93c8

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-arjb-mbgt-97dh

vulnerability	VCID-qnk5-9jfz-5bhh

vulnerability	VCID-u1bz-wj83-nbbt

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.15

url pkg:composer/typo3/cms-core@13.1.1

purl pkg:composer/typo3/cms-core@13.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4hp8-5qeb-wyam

vulnerability	VCID-9mh5-8n3y-93c8

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-arjb-mbgt-97dh

vulnerability	VCID-qnk5-9jfz-5bhh

vulnerability	VCID-u1bz-wj83-nbbt

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.1.1

aliases CVE-2024-34357, GHSA-hw6c-6gwq-3m3m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9f74-pxxq-3qea

url VCID-9fu7-2brx-j3az

vulnerability_id VCID-9fu7-2brx-j3az

summary TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the `ShowImageController` (`_eID tx_cms_showpic_`) lacks a cryptographic HMAC-signature on the `frame` HTTP query parameter (e.g. `/index.php?eID=tx_cms_showpic?file=3&...&frame=12345`). This allows adversaries to instruct the system to produce an arbitrary number of thumbnail images on the server side. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, 13.1.1 fix the problem described.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-34358

reference_id

reference_type

scores

value	0.0005
scoring_system	epss
scoring_elements	0.16167
published_at	2026-06-14T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.16051
published_at	2026-06-11T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.16193
published_at	2026-06-12T12:55:00Z

value	0.0005
scoring_system	epss
scoring_elements	0.16202
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-34358

reference_url

https://github.com/TYPO3/typo3

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3

reference_url

https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14

reference_id

05c95fed869a1a6dcca06c7077b83b6ea866ff14

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/

url

https://github.com/TYPO3/typo3/commit/05c95fed869a1a6dcca06c7077b83b6ea866ff14

reference_url

https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5

reference_id

1e70ebf736935413b0531004839362b4fb0755a5

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/

url

https://github.com/TYPO3/typo3/commit/1e70ebf736935413b0531004839362b4fb0755a5

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-34358

reference_id

CVE-2024-34358

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-34358

reference_url

https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142

reference_id

df7909b6a1cf0f12a42994d0cc3376b607746142

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/

url

https://github.com/TYPO3/typo3/commit/df7909b6a1cf0f12a42994d0cc3376b607746142

reference_url

https://github.com/advisories/GHSA-36g8-62qv-5957

reference_id

GHSA-36g8-62qv-5957

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-36g8-62qv-5957

reference_url

https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957

reference_id

GHSA-36g8-62qv-5957

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/

url

https://github.com/TYPO3/typo3/security/advisories/GHSA-36g8-62qv-5957

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2024-010

reference_id

typo3-core-sa-2024-010

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-12T15:43:40Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2024-010

fixed_packages

url pkg:composer/typo3/cms-core@12.4.15

purl pkg:composer/typo3/cms-core@12.4.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4hp8-5qeb-wyam

vulnerability	VCID-9mh5-8n3y-93c8

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-arjb-mbgt-97dh

vulnerability	VCID-qnk5-9jfz-5bhh

vulnerability	VCID-u1bz-wj83-nbbt

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.15

url pkg:composer/typo3/cms-core@13.1.1

purl pkg:composer/typo3/cms-core@13.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4hp8-5qeb-wyam

vulnerability	VCID-9mh5-8n3y-93c8

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-arjb-mbgt-97dh

vulnerability	VCID-qnk5-9jfz-5bhh

vulnerability	VCID-u1bz-wj83-nbbt

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.1.1

aliases CVE-2024-34358, GHSA-36g8-62qv-5957

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9fu7-2brx-j3az

url VCID-9mh5-8n3y-93c8

vulnerability_id VCID-9mh5-8n3y-93c8

summary TYPO3 is an open source, PHP based web content management system. Starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, when performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via `FrontendGroupRestriction` to the first table. As a result, data from additional tables included in the same query may be unintentionally exposed to unauthorized users. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47937

reference_id

reference_type

scores

value	0.00201
scoring_system	epss
scoring_elements	0.42358
published_at	2026-06-12T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42369
published_at	2026-06-14T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.4238
published_at	2026-06-13T12:55:00Z

value	0.00201
scoring_system	epss
scoring_elements	0.42193
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47937

reference_url

https://github.com/TYPO3-CMS/core

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3-CMS/core

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-47937

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-47937

reference_url

https://github.com/advisories/GHSA-x8pv-fgxp-8v3x

reference_id

GHSA-x8pv-fgxp-8v3x

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x8pv-fgxp-8v3x

reference_url

https://github.com/TYPO3/typo3/security/advisories/GHSA-x8pv-fgxp-8v3x

reference_id

GHSA-x8pv-fgxp-8v3x

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T13:57:34Z/

url

https://github.com/TYPO3/typo3/security/advisories/GHSA-x8pv-fgxp-8v3x

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2025-011

reference_id

typo3-core-sa-2025-011

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T13:57:34Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2025-011

fixed_packages

url pkg:composer/typo3/cms-core@12.4.31

purl pkg:composer/typo3/cms-core@12.4.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.31

url pkg:composer/typo3/cms-core@13.4.12

purl pkg:composer/typo3/cms-core@13.4.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.12

aliases CVE-2025-47937, GHSA-x8pv-fgxp-8v3x

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mh5-8n3y-93c8

url VCID-ant9-spg8-1ug5

vulnerability_id VCID-ant9-spg8-1ug5

summary A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59015

reference_id

reference_type

scores

value	0.00062
scoring_system	epss
scoring_elements	0.19776
published_at	2026-06-13T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19753
published_at	2026-06-14T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19583
published_at	2026-06-11T12:55:00Z

value	0.00062
scoring_system	epss
scoring_elements	0.19758
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59015

reference_url

https://github.com/TYPO3-CMS/core

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3-CMS/core

reference_url

https://github.com/TYPO3-CMS/core/commit/d2057cc7b2c2db417a2af38c30cb9da42302ab70

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3-CMS/core/commit/d2057cc7b2c2db417a2af38c30cb9da42302ab70

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-59015

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-59015

reference_url

https://github.com/advisories/GHSA-p5jq-5383-qvc7

reference_id

GHSA-p5jq-5383-qvc7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-p5jq-5383-qvc7

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2025-019

reference_id

typo3-core-sa-2025-019

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	6.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-09T19:31:01Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2025-019

fixed_packages

url pkg:composer/typo3/cms-core@12.4.37

purl pkg:composer/typo3/cms-core@12.4.37

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.37

url pkg:composer/typo3/cms-core@13.4.18

purl pkg:composer/typo3/cms-core@13.4.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.18

aliases CVE-2025-59015, GHSA-p5jq-5383-qvc7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ant9-spg8-1ug5

url VCID-arjb-mbgt-97dh

vulnerability_id VCID-arjb-mbgt-97dh

summary TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to versions 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS, administrator-level backend users without system maintainer privileges can escalate their privileges and gain system maintainer access. Exploiting this vulnerability requires a valid administrator account. Users should update to TYPO3 version 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47940

reference_id

reference_type

scores

value	0.00316
scoring_system	epss
scoring_elements	0.55293
published_at	2026-06-13T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.5528
published_at	2026-06-14T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.55156
published_at	2026-06-11T12:55:00Z

value	0.00316
scoring_system	epss
scoring_elements	0.55277
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47940

reference_url

https://github.com/TYPO3-CMS/core

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3-CMS/core

reference_url

https://github.com/TYPO3-CMS/core/commit/a659cc8c0ae05c44dd7f01d13629cdd2d0b7219b

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3-CMS/core/commit/a659cc8c0ae05c44dd7f01d13629cdd2d0b7219b

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-47940

reference_id

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-47940

reference_url

https://github.com/advisories/GHSA-6frx-j292-c844

reference_id

GHSA-6frx-j292-c844

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-6frx-j292-c844

reference_url

https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844

reference_id

GHSA-6frx-j292-c844

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T14:35:19Z/

url

https://github.com/TYPO3/typo3/security/advisories/GHSA-6frx-j292-c844

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2025-016

reference_id

typo3-core-sa-2025-016

reference_type

scores

value	7.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-20T14:35:19Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2025-016

fixed_packages

url pkg:composer/typo3/cms-core@12.4.31

purl pkg:composer/typo3/cms-core@12.4.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.31

url pkg:composer/typo3/cms-core@13.4.12

purl pkg:composer/typo3/cms-core@13.4.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.12

aliases CVE-2025-47940, GHSA-6frx-j292-c844

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arjb-mbgt-97dh

url VCID-qnk5-9jfz-5bhh

vulnerability_id VCID-qnk5-9jfz-5bhh

summary TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-55892

reference_id

reference_type

scores

value	0.00253
scoring_system	epss
scoring_elements	0.49022
published_at	2026-06-13T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.49009
published_at	2026-06-14T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48868
published_at	2026-06-11T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.49004
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-55892

reference_url

https://github.com/TYPO3/typo3

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3

reference_url

https://github.com/TYPO3/typo3/commit/a4abf48d254685f43383e6e7f80d48aebaea56af

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3/commit/a4abf48d254685f43383e6e7f80d48aebaea56af

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-55892

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-55892

reference_url

https://github.com/advisories/GHSA-2fx5-pggv-6jjr

reference_id

GHSA-2fx5-pggv-6jjr

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2fx5-pggv-6jjr

reference_url

https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr

reference_id

GHSA-2fx5-pggv-6jjr

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:12:41Z/

url

https://github.com/TYPO3/typo3/security/advisories/GHSA-2fx5-pggv-6jjr

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2025-002

reference_id

typo3-core-sa-2025-002

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T20:12:41Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2025-002

fixed_packages

url pkg:composer/typo3/cms-core@12.4.25

purl pkg:composer/typo3/cms-core@12.4.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4hp8-5qeb-wyam

vulnerability	VCID-9mh5-8n3y-93c8

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-arjb-mbgt-97dh

vulnerability	VCID-u1bz-wj83-nbbt

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.25

url pkg:composer/typo3/cms-core@13.4.3

purl pkg:composer/typo3/cms-core@13.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4hp8-5qeb-wyam

vulnerability	VCID-9mh5-8n3y-93c8

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-arjb-mbgt-97dh

vulnerability	VCID-u1bz-wj83-nbbt

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.3

aliases CVE-2024-55892, GHSA-2fx5-pggv-6jjr

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnk5-9jfz-5bhh

url VCID-rxu6-ccns-m3fk

vulnerability_id VCID-rxu6-ccns-m3fk

summary TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-34356

reference_id

reference_type

scores

value	0.00634
scoring_system	epss
scoring_elements	0.70967
published_at	2026-06-14T12:55:00Z

value	0.00634
scoring_system	epss
scoring_elements	0.70866
published_at	2026-06-11T12:55:00Z

value	0.00634
scoring_system	epss
scoring_elements	0.70957
published_at	2026-06-12T12:55:00Z

value	0.00634
scoring_system	epss
scoring_elements	0.7097
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-34356

reference_url

https://github.com/TYPO3/typo3

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3

reference_url

https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156

reference_id

2832e2f51f929aeddb5de7d667538a33ceda8156

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/

url

https://github.com/TYPO3/typo3/commit/2832e2f51f929aeddb5de7d667538a33ceda8156

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-34356

reference_id

CVE-2024-34356

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-34356

reference_url

https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5

reference_id

d0393a879a32fb4e3569acad6bdb5cda776be1e5

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/

url

https://github.com/TYPO3/typo3/commit/d0393a879a32fb4e3569acad6bdb5cda776be1e5

reference_url

https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64

reference_id

e95a1224719efafb9cab2d85964f240fd0356e64

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/

url

https://github.com/TYPO3/typo3/commit/e95a1224719efafb9cab2d85964f240fd0356e64

reference_url

https://github.com/advisories/GHSA-v6mw-h7w6-59w3

reference_id

GHSA-v6mw-h7w6-59w3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v6mw-h7w6-59w3

reference_url

https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3

reference_id

GHSA-v6mw-h7w6-59w3

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/

url

https://github.com/TYPO3/typo3/security/advisories/GHSA-v6mw-h7w6-59w3

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2024-008

reference_id

typo3-core-sa-2024-008

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-05-14T15:21:11Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2024-008

fixed_packages

url pkg:composer/typo3/cms-core@12.4.15

purl pkg:composer/typo3/cms-core@12.4.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4hp8-5qeb-wyam

vulnerability	VCID-9mh5-8n3y-93c8

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-arjb-mbgt-97dh

vulnerability	VCID-qnk5-9jfz-5bhh

vulnerability	VCID-u1bz-wj83-nbbt

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.15

url pkg:composer/typo3/cms-core@13.1.1

purl pkg:composer/typo3/cms-core@13.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4hp8-5qeb-wyam

vulnerability	VCID-9mh5-8n3y-93c8

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-arjb-mbgt-97dh

vulnerability	VCID-qnk5-9jfz-5bhh

vulnerability	VCID-u1bz-wj83-nbbt

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.1.1

aliases CVE-2024-34356, GHSA-v6mw-h7w6-59w3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rxu6-ccns-m3fk

url VCID-u1bz-wj83-nbbt

vulnerability_id VCID-u1bz-wj83-nbbt

summary TYPO3 is an open source, PHP based web content management system. By design, the file management module in TYPO3’s backend user interface has historically allowed the upload of any file type, with the exception of those that are directly executable in a web server context. This lack of restriction means it is possible to upload files that may be considered potentially harmful, such as executable binaries (e.g., `.exe` files), or files with inconsistent file extensions and MIME types (for example, a file incorrectly named with a `.png` extension but actually carrying the MIME type `application/zip`) starting in version 9.0.0 and prior to versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, and 13.4.12 LTS. Although such files are not directly executable through the web server, their presence can introduce indirect risks. For example, third-party services such as antivirus scanners or malware detection systems might flag or block access to the website for end users if suspicious files are found. This could negatively affect the availability or reputation of the site. Users should update to TYPO3 version 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, or 13.4.12 LTS to fix the problem.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-47939

reference_id

reference_type

scores

value	0.00129
scoring_system	epss
scoring_elements	0.32065
published_at	2026-06-13T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32044
published_at	2026-06-14T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.31863
published_at	2026-06-11T12:55:00Z

value	0.00129
scoring_system	epss
scoring_elements	0.32049
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-47939

reference_url

https://github.com/TYPO3-CMS/core

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3-CMS/core

reference_url

https://github.com/TYPO3-CMS/core/commit/c265beed6e2c01817c534a226e80e593400f8255

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3-CMS/core/commit/c265beed6e2c01817c534a226e80e593400f8255

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-47939

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-47939

reference_url

https://github.com/advisories/GHSA-9hq9-cr36-4wpj

reference_id

GHSA-9hq9-cr36-4wpj

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9hq9-cr36-4wpj

reference_url

https://github.com/TYPO3/typo3/security/advisories/GHSA-9hq9-cr36-4wpj

reference_id

GHSA-9hq9-cr36-4wpj

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T14:08:07Z/

url

https://github.com/TYPO3/typo3/security/advisories/GHSA-9hq9-cr36-4wpj

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2025-014

reference_id

typo3-core-sa-2025-014

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-20T14:08:07Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2025-014

fixed_packages

url pkg:composer/typo3/cms-core@12.4.31

purl pkg:composer/typo3/cms-core@12.4.31

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.31

url pkg:composer/typo3/cms-core@13.4.12

purl pkg:composer/typo3/cms-core@13.4.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ant9-spg8-1ug5

vulnerability	VCID-x2ne-qxnz-rkem

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.12

aliases CVE-2025-47939, GHSA-9hq9-cr36-4wpj

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1bz-wj83-nbbt

url VCID-x2ne-qxnz-rkem

vulnerability_id VCID-x2ne-qxnz-rkem

summary TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54, 11.0.0-11.5.48, 12.0.0-12.4.40, 13.0.0-13.4.22 and 14.0.0-14.0.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0859

reference_id

reference_type

scores

value	0.00031
scoring_system	epss
scoring_elements	0.09365
published_at	2026-06-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.14366
published_at	2026-06-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.14342
published_at	2026-06-14T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.14367
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0859

reference_url

https://github.com/TYPO3/typo3

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3

reference_url

https://github.com/TYPO3/typo3/commit/3225d705080a1bde57a66689621c947da5a4782f

reference_id

3225d705080a1bde57a66689621c947da5a4782f

reference_type

scores

value	5.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:11:54Z/

url

https://github.com/TYPO3/typo3/commit/3225d705080a1bde57a66689621c947da5a4782f

reference_url

https://github.com/TYPO3/typo3/commit/722bf71c118b0a8e4f2c2494854437d846799a13

reference_id

722bf71c118b0a8e4f2c2494854437d846799a13

reference_type

scores

value	5.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:11:54Z/

url

https://github.com/TYPO3/typo3/commit/722bf71c118b0a8e4f2c2494854437d846799a13

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-0859

reference_id

CVE-2026-0859

reference_type

scores

value	5.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-0859

reference_url

https://github.com/TYPO3/typo3/commit/e0f0ceee480c203fbb60b87454f5f193e541d27f

reference_id

e0f0ceee480c203fbb60b87454f5f193e541d27f

reference_type

scores

value	5.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:11:54Z/

url

https://github.com/TYPO3/typo3/commit/e0f0ceee480c203fbb60b87454f5f193e541d27f

reference_url

https://github.com/advisories/GHSA-7vp9-x248-9vr9

reference_id

GHSA-7vp9-x248-9vr9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7vp9-x248-9vr9

reference_url

https://github.com/TYPO3/typo3/security/advisories/GHSA-7vp9-x248-9vr9

reference_id

GHSA-7vp9-x248-9vr9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	5.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/TYPO3/typo3/security/advisories/GHSA-7vp9-x248-9vr9

reference_url

https://typo3.org/security/advisory/typo3-core-sa-2026-004

reference_id

typo3-core-sa-2026-004

reference_type

scores

value	5.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-13T14:11:54Z/

url

https://typo3.org/security/advisory/typo3-core-sa-2026-004

fixed_packages

url	pkg:composer/typo3/cms-core@12.4.41
purl	pkg:composer/typo3/cms-core@12.4.41
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.41

url	pkg:composer/typo3/cms-core@13.4.23
purl	pkg:composer/typo3/cms-core@13.4.23
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@13.4.23

url	pkg:composer/typo3/cms-core@14.0.2
purl	pkg:composer/typo3/cms-core@14.0.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@14.0.2

aliases CVE-2026-0859, GHSA-7vp9-x248-9vr9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x2ne-qxnz-rkem

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms-core@12.4.13

Package Instance