Lookup for vulnerable packages by Package URL.

Purl pkg:composer/typo3/cms@7.2.0
Type composer
Namespace typo3
Name cms
Version 7.2.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 10.4.35
Latest_non_vulnerable_version 12.2.0
Affected_by_vulnerabilities
0
url VCID-1u4r-r97q-3yfk
vulnerability_id VCID-1u4r-r97q-3yfk
summary Information Disclosure possibility exploitable by Editors.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005/
fixed_packages
0
url pkg:composer/typo3/cms@7.3.0
purl pkg:composer/typo3/cms@7.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-5ru2-1n1f-afa4
6
vulnerability VCID-66kh-c1dm-8fbf
7
vulnerability VCID-8jcy-3kje-fqeh
8
vulnerability VCID-953t-q1cr-zyd6
9
vulnerability VCID-9899-uxyb-73gg
10
vulnerability VCID-abjx-8v46-d7d8
11
vulnerability VCID-ansr-8m5j-pya6
12
vulnerability VCID-c57c-akce-xufq
13
vulnerability VCID-cgqm-1wwf-kbg6
14
vulnerability VCID-dsqm-9q3e-dudw
15
vulnerability VCID-dyhd-5p1e-fya6
16
vulnerability VCID-e1ms-4r4s-g7e7
17
vulnerability VCID-e2bk-pfbe-puek
18
vulnerability VCID-e82x-2cdb-7fgn
19
vulnerability VCID-ev4k-5k1d-2bhu
20
vulnerability VCID-fdnw-2tz5-4fdr
21
vulnerability VCID-fqkx-v8t5-q3h6
22
vulnerability VCID-gpv4-4tpd-tbaa
23
vulnerability VCID-hm4k-wbq3-r7ej
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-hsw8-nbs6-auaa
26
vulnerability VCID-hyx9-8ae6-sba8
27
vulnerability VCID-j6x1-dfre-2bdq
28
vulnerability VCID-jp1p-rfxa-hyd9
29
vulnerability VCID-jq5y-7h9g-mufa
30
vulnerability VCID-jwb1-3sbg-kfa5
31
vulnerability VCID-n18b-qe5x-z7cj
32
vulnerability VCID-nhjv-nke2-2kf8
33
vulnerability VCID-njsj-bwjq-fyap
34
vulnerability VCID-p576-w7dd-p3h7
35
vulnerability VCID-p7gd-anw2-1qbz
36
vulnerability VCID-qcnh-z4zh-myaw
37
vulnerability VCID-qek9-g3h8-nfdz
38
vulnerability VCID-rs13-zf7b-mka7
39
vulnerability VCID-teby-zvvw-zkhv
40
vulnerability VCID-tzpj-j3x1-ekgk
41
vulnerability VCID-u6h1-ccgw-jqds
42
vulnerability VCID-ub3e-hrb1-wqac
43
vulnerability VCID-uq77-aax5-k7d8
44
vulnerability VCID-vq15-t92r-5bhx
45
vulnerability VCID-w65h-8a9d-ckgj
46
vulnerability VCID-wms8-dnuz-b3hc
47
vulnerability VCID-xvyu-2hb8-8ufh
48
vulnerability VCID-xw1s-93bu-wuh9
49
vulnerability VCID-ys6f-g39p-fkfc
50
vulnerability VCID-yz6t-ge1y-qfgr
51
vulnerability VCID-zru2-9g25-77dc
52
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0
aliases GMS-2015-83
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1u4r-r97q-3yfk
1
url VCID-28fn-ncj5-2ufk
vulnerability_id VCID-28fn-ncj5-2ufk
summary
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Failing to properly encode user input, online media asset rendering (`*.youtube` and `*.vimeo` files) is vulnerable to cross-site scripting. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-1.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/20927adfb8aae0093508c904937e40114b92a90c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/20927adfb8aae0093508c904937e40114b92a90c
3
reference_url https://github.com/TYPO3/typo3/commit/a32a9a746f807b14571139f0cb7caa00b8d037a5
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a32a9a746f807b14571139f0cb7caa00b8d037a5
4
reference_url https://github.com/TYPO3/typo3/commit/c9174937802581bfecfaa788512a4f6e5cf8e9c7
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c9174937802581bfecfaa788512a4f6e5cf8e9c7
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-006
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-006
6
reference_url https://github.com/advisories/GHSA-8m6j-p5jv-v69w
reference_id GHSA-8m6j-p5jv-v69w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8m6j-p5jv-v69w
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-8m6j-p5jv-v69w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-28fn-ncj5-2ufk
2
url VCID-2rhr-8vaz-hqfj
vulnerability_id VCID-2rhr-8vaz-hqfj
summary
Cross-site Scripting
TYPO3 is vulnerable to cross-site scripting. Corresponding rendering instructions via TypoScript functionality HTMLparser do not consider all potentially malicious HTML tag & attribute combinations by default. In default scenarios, a valid backend user account is needed to exploit this vulnerability. In case custom plugins used in the website frontend accept and reflect rich-text content submitted by users, no authentication is required.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
reference_id
reference_type
scores
0
value 0.00284
scoring_system epss
scoring_elements 0.52118
published_at 2026-06-06T12:55:00Z
1
value 0.00284
scoring_system epss
scoring_elements 0.52109
published_at 2026-06-05T12:55:00Z
2
value 0.00284
scoring_system epss
scoring_elements 0.52048
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32768
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32768.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32768.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-c5c9-8c6m-727v
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-c5c9-8c6m-727v
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-013
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-013
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
reference_id CVE-2021-32768
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32768
fixed_packages
0
url pkg:composer/typo3/cms@7.6.53
purl pkg:composer/typo3/cms@7.6.53
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.53
1
url pkg:composer/typo3/cms@8.7.42
purl pkg:composer/typo3/cms@8.7.42
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.42
2
url pkg:composer/typo3/cms@9.5.29
purl pkg:composer/typo3/cms@9.5.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-6a22-c7x5-sqe2
3
vulnerability VCID-hsw8-nbs6-auaa
4
vulnerability VCID-tzpj-j3x1-ekgk
5
vulnerability VCID-un7r-8sah-33cr
6
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.29
3
url pkg:composer/typo3/cms@10.4.19
purl pkg:composer/typo3/cms@10.4.19
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-36cz-khgc-6fft
4
vulnerability VCID-6a22-c7x5-sqe2
5
vulnerability VCID-6hnx-p9hv-jbg2
6
vulnerability VCID-6xgm-uan4-u7fu
7
vulnerability VCID-9c49-n1a2-pubu
8
vulnerability VCID-e4zc-fmh2-n7b8
9
vulnerability VCID-fyyr-48a7-8qch
10
vulnerability VCID-gbev-1zs8-8bac
11
vulnerability VCID-hsw8-nbs6-auaa
12
vulnerability VCID-tzpj-j3x1-ekgk
13
vulnerability VCID-un7r-8sah-33cr
14
vulnerability VCID-x8qf-w4vq-mfhm
15
vulnerability VCID-x8tq-5na6-gfbj
16
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.19
4
url pkg:composer/typo3/cms@11.3.2
purl pkg:composer/typo3/cms@11.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-36cz-khgc-6fft
4
vulnerability VCID-6a22-c7x5-sqe2
5
vulnerability VCID-6hnx-p9hv-jbg2
6
vulnerability VCID-6xgm-uan4-u7fu
7
vulnerability VCID-9c49-n1a2-pubu
8
vulnerability VCID-b9sw-6tzm-3yhj
9
vulnerability VCID-e4zc-fmh2-n7b8
10
vulnerability VCID-fsx8-7qjz-2ubw
11
vulnerability VCID-fyyr-48a7-8qch
12
vulnerability VCID-gbev-1zs8-8bac
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-tzpj-j3x1-ekgk
15
vulnerability VCID-un7r-8sah-33cr
16
vulnerability VCID-x8qf-w4vq-mfhm
17
vulnerability VCID-x8tq-5na6-gfbj
18
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.2
aliases CVE-2021-32768, GHSA-c5c9-8c6m-727v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rhr-8vaz-hqfj
3
url VCID-2rmv-a83x-9ka8
vulnerability_id VCID-2rmv-a83x-9ka8
summary
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.0)

### Problem
It has been discovered that the `FileDumpController` (backend and frontend context) is vulnerable to cross-site scripting when malicious files are displayed using this component. A valid backend user account is needed to exploit this vulnerability.

### Solution
Update to TYPO3 versions 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16 that fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-009](https://typo3.org/security/advisory/typo3-core-sa-2022-009)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/51e9b709-193c-41fd-bd4a-833aaca0bd4e/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
reference_id
reference_type
scores
0
value 0.00687
scoring_system epss
scoring_elements 0.72122
published_at 2026-06-04T12:55:00Z
1
value 0.00687
scoring_system epss
scoring_elements 0.7217
published_at 2026-06-06T12:55:00Z
2
value 0.00687
scoring_system epss
scoring_elements 0.72163
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36107
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36107.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36107.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/546208428c861a09d62b86cde141eb19a81fae66
5
reference_url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/bd58d2ff2eeef89e63ef754a2389597d22622a39
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-9c6w-55cp-5w25
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36107
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-009
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-009
9
reference_url https://github.com/advisories/GHSA-9c6w-55cp-5w25
reference_id GHSA-9c6w-55cp-5w25
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9c6w-55cp-5w25
fixed_packages
0
url pkg:composer/typo3/cms@10.4.32
purl pkg:composer/typo3/cms@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-6a22-c7x5-sqe2
2
vulnerability VCID-6hnx-p9hv-jbg2
3
vulnerability VCID-6xgm-uan4-u7fu
4
vulnerability VCID-un7r-8sah-33cr
5
vulnerability VCID-x8qf-w4vq-mfhm
6
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.32
1
url pkg:composer/typo3/cms@11.5.16
purl pkg:composer/typo3/cms@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-6a22-c7x5-sqe2
2
vulnerability VCID-6hnx-p9hv-jbg2
3
vulnerability VCID-6xgm-uan4-u7fu
4
vulnerability VCID-un7r-8sah-33cr
5
vulnerability VCID-x8qf-w4vq-mfhm
6
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.16
aliases CVE-2022-36107, GHSA-9c6w-55cp-5w25
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2rmv-a83x-9ka8
4
url VCID-3ugj-6m1e-e3hr
vulnerability_id VCID-3ugj-6m1e-e3hr
summary
Cross-site Scripting
Cross-Site Scripting in Online Media Asset Rendering.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-006/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-97
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ugj-6m1e-e3hr
5
url VCID-5hm4-ms5p-uuae
vulnerability_id VCID-5hm4-ms5p-uuae
summary Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-021
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-021
fixed_packages
0
url pkg:composer/typo3/cms@7.6.11
purl pkg:composer/typo3/cms@7.6.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-4wnp-gusy-43b8
5
vulnerability VCID-5dxs-cdht-27hw
6
vulnerability VCID-5u2f-5zzf-j3e4
7
vulnerability VCID-66kh-c1dm-8fbf
8
vulnerability VCID-66ru-n2df-b3ay
9
vulnerability VCID-727q-h3ey-6yc9
10
vulnerability VCID-953t-q1cr-zyd6
11
vulnerability VCID-9726-hafj-wkay
12
vulnerability VCID-9saf-w56y-pugz
13
vulnerability VCID-abjx-8v46-d7d8
14
vulnerability VCID-dsqm-9q3e-dudw
15
vulnerability VCID-e564-zdku-9fc6
16
vulnerability VCID-eutz-mj58-audb
17
vulnerability VCID-ev4k-5k1d-2bhu
18
vulnerability VCID-fdnw-2tz5-4fdr
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-gpv4-4tpd-tbaa
21
vulnerability VCID-h217-xe8x-nua3
22
vulnerability VCID-h7cg-64er-uya9
23
vulnerability VCID-h7hf-sf2q-73ay
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-hsw8-nbs6-auaa
26
vulnerability VCID-hyx9-8ae6-sba8
27
vulnerability VCID-j8sh-5evd-dkaz
28
vulnerability VCID-jp1p-rfxa-hyd9
29
vulnerability VCID-jq5y-7h9g-mufa
30
vulnerability VCID-jqe4-8hzb-mfea
31
vulnerability VCID-jwb1-3sbg-kfa5
32
vulnerability VCID-mctp-nf36-7qdn
33
vulnerability VCID-njsj-bwjq-fyap
34
vulnerability VCID-p576-w7dd-p3h7
35
vulnerability VCID-p7gd-anw2-1qbz
36
vulnerability VCID-qcnh-z4zh-myaw
37
vulnerability VCID-sy7r-d6pv-yba9
38
vulnerability VCID-teby-zvvw-zkhv
39
vulnerability VCID-tgyt-axv1-c7ag
40
vulnerability VCID-tzpj-j3x1-ekgk
41
vulnerability VCID-u5he-6tqb-gqaf
42
vulnerability VCID-uq77-aax5-k7d8
43
vulnerability VCID-vq15-t92r-5bhx
44
vulnerability VCID-w58p-3wg1-7ycr
45
vulnerability VCID-xh68-defe-f7ce
46
vulnerability VCID-xpxg-qq49-b7fd
47
vulnerability VCID-xvyu-2hb8-8ufh
48
vulnerability VCID-xw1s-93bu-wuh9
49
vulnerability VCID-ygw4-jdqu-4fbt
50
vulnerability VCID-yz6t-ge1y-qfgr
51
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.11
1
url pkg:composer/typo3/cms@8.0.0
purl pkg:composer/typo3/cms@8.0.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0
2
url pkg:composer/typo3/cms@8.3.1
purl pkg:composer/typo3/cms@8.3.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.3.1
aliases TYPO3-CORE-SA-2016-021
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hm4-ms5p-uuae
6
url VCID-5ru2-1n1f-afa4
vulnerability_id VCID-5ru2-1n1f-afa4
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
references
0
reference_url http://flash.flowplayer.org/documentation/version-history.html
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://flash.flowplayer.org/documentation/version-history.html
1
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
2
reference_url http://openwall.com/lists/oss-security/2014/03/17/1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2014/03/17/1
3
reference_url https://api.first.org/data/v1/epss?cve=CVE-2013-7341
reference_id
reference_type
scores
0
value 0.00258
scoring_system epss
scoring_elements 0.49512
published_at 2026-06-06T12:55:00Z
1
value 0.00258
scoring_system epss
scoring_elements 0.49502
published_at 2026-06-05T12:55:00Z
2
value 0.00258
scoring_system epss
scoring_elements 0.49439
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2013-7341
4
reference_url https://github.com/flowplayer/flash/issues/121
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/flowplayer/flash/issues/121
5
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
6
reference_url https://github.com/moodle/moodle/commit/98d135fea3006334093efa822205d4b2c3fd8ff9
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/98d135fea3006334093efa822205d4b2c3fd8ff9
7
reference_url https://github.com/moodle/moodle/commit/9f2967e301d123d11625f3b6948e1ee538086791
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/9f2967e301d123d11625f3b6948e1ee538086791
8
reference_url https://github.com/moodle/moodle/commit/c3cd5e1db9de4f1a634492d99990534e30518066
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/c3cd5e1db9de4f1a634492d99990534e30518066
9
reference_url https://github.com/moodle/moodle/commit/d65634044ebaa738f55bdec521beb42844d6916a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle/commit/d65634044ebaa738f55bdec521beb42844d6916a
10
reference_url https://moodle.org/mod/forum/discuss.php?d=256420
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=256420
11
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-007
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-007
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-7341
reference_id CVE-2013-7341
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2013-7341
13
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-7341.yaml
reference_id CVE-2013-7341.YAML
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-7341.yaml
14
reference_url https://github.com/advisories/GHSA-j6c3-3c4w-qv8p
reference_id GHSA-j6c3-3c4w-qv8p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-j6c3-3c4w-qv8p
fixed_packages
0
url pkg:composer/typo3/cms@7.3.1
purl pkg:composer/typo3/cms@7.3.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1
aliases CVE-2013-7341, GHSA-j6c3-3c4w-qv8p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ru2-1n1f-afa4
7
url VCID-66kh-c1dm-8fbf
vulnerability_id VCID-66kh-c1dm-8fbf
summary
Authentication Bypass in TYPO3 CMS
It has been discovered that TYPO3’s Salted Password system extension (which is a mandatory system component) is vulnerable to Authentication Bypass when using hashing methods which are related by PHP class inheritance. In standard TYPO3 core distributions stored passwords using the blowfish hashing algorithm can be overridden when using MD5 as the default hashing algorithm by just knowing a valid username. Per default the Portable PHP hashing algorithm (PHPass) is used which is not vulnerable.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-1.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-001
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-001
3
reference_url https://github.com/advisories/GHSA-6f9m-v7mp-7jjq
reference_id GHSA-6f9m-v7mp-7jjq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6f9m-v7mp-7jjq
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GHSA-6f9m-v7mp-7jjq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66kh-c1dm-8fbf
8
url VCID-7n9x-c9gs-9yb3
vulnerability_id VCID-7n9x-c9gs-9yb3
summary
Cross-site Scripting
Cross-Site Scripting in 3rd party library Flowplayer.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-007/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-007/
fixed_packages
0
url pkg:composer/typo3/cms@7.3.0
purl pkg:composer/typo3/cms@7.3.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0
aliases GMS-2015-85
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7n9x-c9gs-9yb3
9
url VCID-8jcy-3kje-fqeh
vulnerability_id VCID-8jcy-3kje-fqeh
summary
Cache Flooding in Frontend
Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-022
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-022
fixed_packages
0
url pkg:composer/typo3/cms@7.6.11
purl pkg:composer/typo3/cms@7.6.11
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.11
1
url pkg:composer/typo3/cms@8.0.0
purl pkg:composer/typo3/cms@8.0.0
is_vulnerable true
affected_by_vulnerabilities
113
vulnerability VCID-y7ds-p5r2-yuhq
114
vulnerability VCID-ygw4-jdqu-4fbt
115
vulnerability VCID-yh6b-tc4u-v3bk
116
vulnerability VCID-yn6z-9v7k-x7br
117
vulnerability VCID-yz6t-ge1y-qfgr
118
vulnerability VCID-zgfw-pk39-gyg8
119
vulnerability VCID-zmwv-gwq3-fkej
120
vulnerability VCID-zrz3-3dnf-tbay
121
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.0.0
2
url pkg:composer/typo3/cms@8.3.1
purl pkg:composer/typo3/cms@8.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-4wnp-gusy-43b8
10
vulnerability VCID-5dxs-cdht-27hw
11
vulnerability VCID-5k47-9k7t-rqak
12
vulnerability VCID-5u2f-5zzf-j3e4
13
vulnerability VCID-66kh-c1dm-8fbf
14
vulnerability VCID-66ru-n2df-b3ay
15
vulnerability VCID-727q-h3ey-6yc9
16
vulnerability VCID-7ch1-q9f4-a7bt
17
vulnerability VCID-7m6u-k5tp-gkhy
18
vulnerability VCID-848u-w88s-5bbe
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-953t-q1cr-zyd6
21
vulnerability VCID-9726-hafj-wkay
22
vulnerability VCID-9saf-w56y-pugz
23
vulnerability VCID-9yu1-z7c2-t3fj
24
vulnerability VCID-abjx-8v46-d7d8
25
vulnerability VCID-am6s-67bm-77dr
26
vulnerability VCID-bn3p-39sv-6fdg
27
vulnerability VCID-buj5-2t53-3kcr
28
vulnerability VCID-d6c2-upx1-e7cd
29
vulnerability VCID-dsqm-9q3e-dudw
30
vulnerability VCID-e564-zdku-9fc6
31
vulnerability VCID-emqq-kwjg-3kfk
32
vulnerability VCID-eutz-mj58-audb
33
vulnerability VCID-ev4k-5k1d-2bhu
34
vulnerability VCID-f319-jpf5-hyex
35
vulnerability VCID-f837-rs5d-jbbp
36
vulnerability VCID-fdnw-2tz5-4fdr
37
vulnerability VCID-fqkc-utex-3kav
38
vulnerability VCID-fqkx-v8t5-q3h6
39
vulnerability VCID-fut7-bb1f-37g7
40
vulnerability VCID-gpv4-4tpd-tbaa
41
vulnerability VCID-h217-xe8x-nua3
42
vulnerability VCID-h7cg-64er-uya9
43
vulnerability VCID-h7hf-sf2q-73ay
44
vulnerability VCID-hg2n-xera-jkdh
45
vulnerability VCID-hp99-ncuh-6ugv
46
vulnerability VCID-hsw8-nbs6-auaa
47
vulnerability VCID-hyx9-8ae6-sba8
48
vulnerability VCID-j8hk-bqnb-gycp
49
vulnerability VCID-j8sh-5evd-dkaz
50
vulnerability VCID-jp1p-rfxa-hyd9
51
vulnerability VCID-jq5y-7h9g-mufa
52
vulnerability VCID-jqe4-8hzb-mfea
53
vulnerability VCID-jwb1-3sbg-kfa5
54
vulnerability VCID-k5t3-28es-h3ez
55
vulnerability VCID-khpm-e1xb-hydb
56
vulnerability VCID-mctp-nf36-7qdn
57
vulnerability VCID-njsj-bwjq-fyap
58
vulnerability VCID-nney-azbc-pucg
59
vulnerability VCID-p576-w7dd-p3h7
60
vulnerability VCID-p7gd-anw2-1qbz
61
vulnerability VCID-pmvp-twk2-jqe4
62
vulnerability VCID-q2ym-y2rz-1bdn
63
vulnerability VCID-q52p-xfj8-gygd
64
vulnerability VCID-q7vt-19eb-sqeq
65
vulnerability VCID-qcnh-z4zh-myaw
66
vulnerability VCID-qdxh-arxx-wbcr
67
vulnerability VCID-qv14-m93d-jyd9
68
vulnerability VCID-qxab-9uwr-yqhv
69
vulnerability VCID-rqrw-t2kj-mud8
70
vulnerability VCID-ru6w-m6q6-27gn
71
vulnerability VCID-sdjb-gp4t-vbgt
72
vulnerability VCID-sdsa-mh76-kqch
73
vulnerability VCID-sy7r-d6pv-yba9
74
vulnerability VCID-teby-zvvw-zkhv
75
vulnerability VCID-tzpj-j3x1-ekgk
76
vulnerability VCID-u259-2sxq-tbct
77
vulnerability VCID-u5he-6tqb-gqaf
78
vulnerability VCID-u6as-cwxc-pkhk
79
vulnerability VCID-uq77-aax5-k7d8
80
vulnerability VCID-vq15-t92r-5bhx
81
vulnerability VCID-vw2r-g8yy-eyf4
82
vulnerability VCID-w483-prq4-rycx
83
vulnerability VCID-w58p-3wg1-7ycr
84
vulnerability VCID-wat8-4m83-hken
85
vulnerability VCID-wy45-2gmr-fkfg
86
vulnerability VCID-x5x1-w7yv-eye9
87
vulnerability VCID-xh68-defe-f7ce
88
vulnerability VCID-xpxg-qq49-b7fd
89
vulnerability VCID-xvyu-2hb8-8ufh
90
vulnerability VCID-xw1s-93bu-wuh9
91
vulnerability VCID-y7ds-p5r2-yuhq
92
vulnerability VCID-ygw4-jdqu-4fbt
93
vulnerability VCID-yh6b-tc4u-v3bk
94
vulnerability VCID-yz6t-ge1y-qfgr
95
vulnerability VCID-zgfw-pk39-gyg8
96
vulnerability VCID-zmwv-gwq3-fkej
97
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.3.1
aliases TYPO3-CORE-SA-2016-022
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8jcy-3kje-fqeh
10
url VCID-953t-q1cr-zyd6
vulnerability_id VCID-953t-q1cr-zyd6
summary
Cross-site Scripting
Cross-Site Scripting in Backend Modal Component.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-007/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-98
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-953t-q1cr-zyd6
11
url VCID-9899-uxyb-73gg
vulnerability_id VCID-9899-uxyb-73gg
summary
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts
It has been discovered that editors with access to the file metadata table could change, create or delete metadata of files which are not within their file mounts.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-1.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/0decbf83c531cab77497429eb2edecf9a1038b25
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/0decbf83c531cab77497429eb2edecf9a1038b25
3
reference_url https://github.com/TYPO3/typo3/commit/bff9fa5945801d1d2c641ddc8eb86c6647549d80
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/bff9fa5945801d1d2c641ddc8eb86c6647549d80
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-002
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-002
5
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002
6
reference_url https://github.com/advisories/GHSA-4r76-xr68-w7m7
reference_id GHSA-4r76-xr68-w7m7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4r76-xr68-w7m7
fixed_packages
0
url pkg:composer/typo3/cms@7.3.1
purl pkg:composer/typo3/cms@7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-8jcy-3kje-fqeh
7
vulnerability VCID-953t-q1cr-zyd6
8
vulnerability VCID-abjx-8v46-d7d8
9
vulnerability VCID-ansr-8m5j-pya6
10
vulnerability VCID-c57c-akce-xufq
11
vulnerability VCID-dsqm-9q3e-dudw
12
vulnerability VCID-e1ms-4r4s-g7e7
13
vulnerability VCID-e2bk-pfbe-puek
14
vulnerability VCID-e82x-2cdb-7fgn
15
vulnerability VCID-ev4k-5k1d-2bhu
16
vulnerability VCID-fdnw-2tz5-4fdr
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-gpv4-4tpd-tbaa
19
vulnerability VCID-hm4k-wbq3-r7ej
20
vulnerability VCID-hp99-ncuh-6ugv
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-hyx9-8ae6-sba8
23
vulnerability VCID-j6x1-dfre-2bdq
24
vulnerability VCID-jp1p-rfxa-hyd9
25
vulnerability VCID-jq5y-7h9g-mufa
26
vulnerability VCID-jwb1-3sbg-kfa5
27
vulnerability VCID-n18b-qe5x-z7cj
28
vulnerability VCID-nhjv-nke2-2kf8
29
vulnerability VCID-njsj-bwjq-fyap
30
vulnerability VCID-p576-w7dd-p3h7
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-qcnh-z4zh-myaw
33
vulnerability VCID-qek9-g3h8-nfdz
34
vulnerability VCID-rs13-zf7b-mka7
35
vulnerability VCID-teby-zvvw-zkhv
36
vulnerability VCID-tzpj-j3x1-ekgk
37
vulnerability VCID-u6h1-ccgw-jqds
38
vulnerability VCID-ub3e-hrb1-wqac
39
vulnerability VCID-uq77-aax5-k7d8
40
vulnerability VCID-vq15-t92r-5bhx
41
vulnerability VCID-wms8-dnuz-b3hc
42
vulnerability VCID-xvyu-2hb8-8ufh
43
vulnerability VCID-xw1s-93bu-wuh9
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zru2-9g25-77dc
46
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1
aliases GHSA-4r76-xr68-w7m7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9899-uxyb-73gg
12
url VCID-abjx-8v46-d7d8
vulnerability_id VCID-abjx-8v46-d7d8
summary
Improper Authentication
Authentication Bypass in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-001/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-001/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-953t-q1cr-zyd6
5
vulnerability VCID-dsqm-9q3e-dudw
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fdnw-2tz5-4fdr
8
vulnerability VCID-fqkx-v8t5-q3h6
9
vulnerability VCID-gpv4-4tpd-tbaa
10
vulnerability VCID-hp99-ncuh-6ugv
11
vulnerability VCID-hsw8-nbs6-auaa
12
vulnerability VCID-hyx9-8ae6-sba8
13
vulnerability VCID-jp1p-rfxa-hyd9
14
vulnerability VCID-jq5y-7h9g-mufa
15
vulnerability VCID-jwb1-3sbg-kfa5
16
vulnerability VCID-p576-w7dd-p3h7
17
vulnerability VCID-p7gd-anw2-1qbz
18
vulnerability VCID-teby-zvvw-zkhv
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-tzpj-j3x1-ekgk
21
vulnerability VCID-uq77-aax5-k7d8
22
vulnerability VCID-xvyu-2hb8-8ufh
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-yz6t-ge1y-qfgr
25
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-6a22-c7x5-sqe2
11
vulnerability VCID-7ch1-q9f4-a7bt
12
vulnerability VCID-7m6u-k5tp-gkhy
13
vulnerability VCID-848u-w88s-5bbe
14
vulnerability VCID-94r9-hh4g-jkej
15
vulnerability VCID-953t-q1cr-zyd6
16
vulnerability VCID-9yu1-z7c2-t3fj
17
vulnerability VCID-am6s-67bm-77dr
18
vulnerability VCID-bn3p-39sv-6fdg
19
vulnerability VCID-buj5-2t53-3kcr
20
vulnerability VCID-dsqm-9q3e-dudw
21
vulnerability VCID-emqq-kwjg-3kfk
22
vulnerability VCID-ev4k-5k1d-2bhu
23
vulnerability VCID-f319-jpf5-hyex
24
vulnerability VCID-fdnw-2tz5-4fdr
25
vulnerability VCID-fqkc-utex-3kav
26
vulnerability VCID-fqkx-v8t5-q3h6
27
vulnerability VCID-fut7-bb1f-37g7
28
vulnerability VCID-gpv4-4tpd-tbaa
29
vulnerability VCID-hp99-ncuh-6ugv
30
vulnerability VCID-hsw8-nbs6-auaa
31
vulnerability VCID-hyx9-8ae6-sba8
32
vulnerability VCID-j8hk-bqnb-gycp
33
vulnerability VCID-jp1p-rfxa-hyd9
34
vulnerability VCID-jq5y-7h9g-mufa
35
vulnerability VCID-jwb1-3sbg-kfa5
36
vulnerability VCID-k5t3-28es-h3ez
37
vulnerability VCID-khpm-e1xb-hydb
38
vulnerability VCID-nney-azbc-pucg
39
vulnerability VCID-p576-w7dd-p3h7
40
vulnerability VCID-p7gd-anw2-1qbz
41
vulnerability VCID-pmvp-twk2-jqe4
42
vulnerability VCID-q7vt-19eb-sqeq
43
vulnerability VCID-qdxh-arxx-wbcr
44
vulnerability VCID-qv14-m93d-jyd9
45
vulnerability VCID-qxab-9uwr-yqhv
46
vulnerability VCID-rqrw-t2kj-mud8
47
vulnerability VCID-ru6w-m6q6-27gn
48
vulnerability VCID-sdjb-gp4t-vbgt
49
vulnerability VCID-sdsa-mh76-kqch
50
vulnerability VCID-teby-zvvw-zkhv
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-uq77-aax5-k7d8
56
vulnerability VCID-vw2r-g8yy-eyf4
57
vulnerability VCID-w483-prq4-rycx
58
vulnerability VCID-wat8-4m83-hken
59
vulnerability VCID-x5x1-w7yv-eye9
60
vulnerability VCID-xvyu-2hb8-8ufh
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-yz6t-ge1y-qfgr
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zmwv-gwq3-fkej
67
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-6a22-c7x5-sqe2
16
vulnerability VCID-6mnf-2fcw-dqgp
17
vulnerability VCID-7ch1-q9f4-a7bt
18
vulnerability VCID-7m6u-k5tp-gkhy
19
vulnerability VCID-7xv1-78u7-xufp
20
vulnerability VCID-848u-w88s-5bbe
21
vulnerability VCID-8w4e-d49b-nbg8
22
vulnerability VCID-94r9-hh4g-jkej
23
vulnerability VCID-953t-q1cr-zyd6
24
vulnerability VCID-9adx-p876-kyb5
25
vulnerability VCID-9yu1-z7c2-t3fj
26
vulnerability VCID-a1g9-pyz5-9fca
27
vulnerability VCID-am6s-67bm-77dr
28
vulnerability VCID-bbh5-rss8-bfct
29
vulnerability VCID-buj5-2t53-3kcr
30
vulnerability VCID-cvk2-93hm-gkhx
31
vulnerability VCID-dsqm-9q3e-dudw
32
vulnerability VCID-e6zr-4bgg-kkh5
33
vulnerability VCID-emqq-kwjg-3kfk
34
vulnerability VCID-ev4k-5k1d-2bhu
35
vulnerability VCID-f319-jpf5-hyex
36
vulnerability VCID-f4n7-q72x-3yea
37
vulnerability VCID-fqkc-utex-3kav
38
vulnerability VCID-fqkx-v8t5-q3h6
39
vulnerability VCID-fut7-bb1f-37g7
40
vulnerability VCID-gpv4-4tpd-tbaa
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-hsw8-nbs6-auaa
43
vulnerability VCID-j8hk-bqnb-gycp
44
vulnerability VCID-jp1p-rfxa-hyd9
45
vulnerability VCID-jq5y-7h9g-mufa
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-n1gz-y615-cbbk
50
vulnerability VCID-nney-azbc-pucg
51
vulnerability VCID-p576-w7dd-p3h7
52
vulnerability VCID-p7gd-anw2-1qbz
53
vulnerability VCID-pmvp-twk2-jqe4
54
vulnerability VCID-q2t1-kx56-s3c3
55
vulnerability VCID-q7vt-19eb-sqeq
56
vulnerability VCID-qdxh-arxx-wbcr
57
vulnerability VCID-qv14-m93d-jyd9
58
vulnerability VCID-qxab-9uwr-yqhv
59
vulnerability VCID-rqrw-t2kj-mud8
60
vulnerability VCID-ru6w-m6q6-27gn
61
vulnerability VCID-sdjb-gp4t-vbgt
62
vulnerability VCID-sdsa-mh76-kqch
63
vulnerability VCID-teby-zvvw-zkhv
64
vulnerability VCID-tgyt-axv1-c7ag
65
vulnerability VCID-tzpj-j3x1-ekgk
66
vulnerability VCID-u259-2sxq-tbct
67
vulnerability VCID-u6as-cwxc-pkhk
68
vulnerability VCID-un7r-8sah-33cr
69
vulnerability VCID-uq77-aax5-k7d8
70
vulnerability VCID-vw2r-g8yy-eyf4
71
vulnerability VCID-w7z1-aw31-vugx
72
vulnerability VCID-wat8-4m83-hken
73
vulnerability VCID-x5x1-w7yv-eye9
74
vulnerability VCID-xvyu-2hb8-8ufh
75
vulnerability VCID-xw1s-93bu-wuh9
76
vulnerability VCID-y7ds-p5r2-yuhq
77
vulnerability VCID-yh6b-tc4u-v3bk
78
vulnerability VCID-yz6t-ge1y-qfgr
79
vulnerability VCID-zeut-9wfp-q7et
80
vulnerability VCID-zgfw-pk39-gyg8
81
vulnerability VCID-zkvq-bms4-gfcv
82
vulnerability VCID-zmwv-gwq3-fkej
83
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GMS-2018-93
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-abjx-8v46-d7d8
13
url VCID-ansr-8m5j-pya6
vulnerability_id VCID-ansr-8m5j-pya6
summary
Cross-site Scripting
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.1
purl pkg:composer/typo3/cms@7.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2r7u-mc45-8yhe
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-2vpx-fqb6-aqfa
5
vulnerability VCID-39jx-muqb-nkfq
6
vulnerability VCID-3ugj-6m1e-e3hr
7
vulnerability VCID-4wnp-gusy-43b8
8
vulnerability VCID-5dxs-cdht-27hw
9
vulnerability VCID-5hm4-ms5p-uuae
10
vulnerability VCID-5ppx-p8eq-mbgk
11
vulnerability VCID-5u2f-5zzf-j3e4
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-66ru-n2df-b3ay
14
vulnerability VCID-6su8-bbrw-hbhp
15
vulnerability VCID-727q-h3ey-6yc9
16
vulnerability VCID-8jcy-3kje-fqeh
17
vulnerability VCID-8p64-6zpt-t3av
18
vulnerability VCID-953t-q1cr-zyd6
19
vulnerability VCID-9726-hafj-wkay
20
vulnerability VCID-9saf-w56y-pugz
21
vulnerability VCID-abjx-8v46-d7d8
22
vulnerability VCID-bstt-ybrs-5ua3
23
vulnerability VCID-dd9u-w2y2-87h9
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-ekvp-u4kk-kqdd
27
vulnerability VCID-eutz-mj58-audb
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-exjy-5cyn-zfg1
30
vulnerability VCID-fdnw-2tz5-4fdr
31
vulnerability VCID-fgqa-5fx9-nkaz
32
vulnerability VCID-fh61-7rfy-s3hg
33
vulnerability VCID-fqkx-v8t5-q3h6
34
vulnerability VCID-g7mm-vjbw-bbhd
35
vulnerability VCID-g9ns-sxkx-aqh1
36
vulnerability VCID-gpv4-4tpd-tbaa
37
vulnerability VCID-h217-xe8x-nua3
38
vulnerability VCID-h7cg-64er-uya9
39
vulnerability VCID-h7hf-sf2q-73ay
40
vulnerability VCID-hp99-ncuh-6ugv
41
vulnerability VCID-hsw8-nbs6-auaa
42
vulnerability VCID-hyx9-8ae6-sba8
43
vulnerability VCID-hzma-cduk-3uhp
44
vulnerability VCID-j8sh-5evd-dkaz
45
vulnerability VCID-jenc-czvj-g3gw
46
vulnerability VCID-jeqr-9tfu-f7b2
47
vulnerability VCID-jf28-91be-6kbr
48
vulnerability VCID-jmea-qzsr-wkf4
49
vulnerability VCID-jn38-wfec-7bb2
50
vulnerability VCID-jp1p-rfxa-hyd9
51
vulnerability VCID-jq5y-7h9g-mufa
52
vulnerability VCID-jqe4-8hzb-mfea
53
vulnerability VCID-jwb1-3sbg-kfa5
54
vulnerability VCID-kp2p-nbmg-ufen
55
vulnerability VCID-ks1q-a8x2-uqht
56
vulnerability VCID-m3nc-xbb4-yubr
57
vulnerability VCID-mctp-nf36-7qdn
58
vulnerability VCID-nhjv-nke2-2kf8
59
vulnerability VCID-njsj-bwjq-fyap
60
vulnerability VCID-nvbp-pbjw-3qgx
61
vulnerability VCID-p576-w7dd-p3h7
62
vulnerability VCID-p7gd-anw2-1qbz
63
vulnerability VCID-qcnh-z4zh-myaw
64
vulnerability VCID-s97a-nmk8-y3ay
65
vulnerability VCID-sdz8-hju8-4bcb
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tgyt-axv1-c7ag
69
vulnerability VCID-tzpj-j3x1-ekgk
70
vulnerability VCID-u4tq-8qnk-5fd7
71
vulnerability VCID-u5he-6tqb-gqaf
72
vulnerability VCID-uq77-aax5-k7d8
73
vulnerability VCID-vq15-t92r-5bhx
74
vulnerability VCID-w58p-3wg1-7ycr
75
vulnerability VCID-x175-xjek-97ds
76
vulnerability VCID-xh68-defe-f7ce
77
vulnerability VCID-xpxg-qq49-b7fd
78
vulnerability VCID-xt7m-u9eb-fyd9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y1ap-y4az-x7ec
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yn6z-9v7k-x7br
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zrz3-3dnf-tbay
86
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1
aliases GMS-2015-87
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ansr-8m5j-pya6
14
url VCID-c57c-akce-xufq
vulnerability_id VCID-c57c-akce-xufq
summary
Cross-Site Scripting Vulnerability
It has been discovered that it is possible to forge a link to a backend module which contains a JavaScript payload. This JavaScript is executed if an authenticated editor with access to the module follows the link or is tricked into clicking on a certain HTML target. Because TYPO3 includes a secret token unknown to an attacker in every URL, an exploit would not be feasible for these versions.
references
0
reference_url http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/133551/Typo3-CMS-6.2.14-4.5.40-Cross-Site-Scripting.html
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-5956
reference_id
reference_type
scores
0
value 0.00169
scoring_system epss
scoring_elements 0.37817
published_at 2026-06-04T12:55:00Z
1
value 0.00169
scoring_system epss
scoring_elements 0.3791
published_at 2026-06-06T12:55:00Z
2
value 0.00169
scoring_system epss
scoring_elements 0.37908
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-5956
2
reference_url http://seclists.org/fulldisclosure/2015/Sep/57
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2015/Sep/57
3
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2015-5956.yaml
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2015-5956.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5956
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-5956
5
reference_url https://review.typo3.org/#/c/43122/
reference_id
reference_type
scores
url https://review.typo3.org/#/c/43122/
6
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009
7
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/
8
reference_url http://www.securityfocus.com/archive/1/536464/100/0/threaded
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.securityfocus.com/archive/1/536464/100/0/threaded
9
reference_url http://www.securitytracker.com/id/1033551
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1033551
fixed_packages
0
url pkg:composer/typo3/cms@7.4.0
purl pkg:composer/typo3/cms@7.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-8jcy-3kje-fqeh
7
vulnerability VCID-953t-q1cr-zyd6
8
vulnerability VCID-abjx-8v46-d7d8
9
vulnerability VCID-ansr-8m5j-pya6
10
vulnerability VCID-dsqm-9q3e-dudw
11
vulnerability VCID-e1ms-4r4s-g7e7
12
vulnerability VCID-e2bk-pfbe-puek
13
vulnerability VCID-e82x-2cdb-7fgn
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fdnw-2tz5-4fdr
16
vulnerability VCID-fqkx-v8t5-q3h6
17
vulnerability VCID-gpv4-4tpd-tbaa
18
vulnerability VCID-hm4k-wbq3-r7ej
19
vulnerability VCID-hp99-ncuh-6ugv
20
vulnerability VCID-hsw8-nbs6-auaa
21
vulnerability VCID-hyx9-8ae6-sba8
22
vulnerability VCID-jp1p-rfxa-hyd9
23
vulnerability VCID-jq5y-7h9g-mufa
24
vulnerability VCID-jwb1-3sbg-kfa5
25
vulnerability VCID-n18b-qe5x-z7cj
26
vulnerability VCID-nhjv-nke2-2kf8
27
vulnerability VCID-njsj-bwjq-fyap
28
vulnerability VCID-p576-w7dd-p3h7
29
vulnerability VCID-p7gd-anw2-1qbz
30
vulnerability VCID-qcnh-z4zh-myaw
31
vulnerability VCID-qek9-g3h8-nfdz
32
vulnerability VCID-rs13-zf7b-mka7
33
vulnerability VCID-teby-zvvw-zkhv
34
vulnerability VCID-tzpj-j3x1-ekgk
35
vulnerability VCID-u6h1-ccgw-jqds
36
vulnerability VCID-ub3e-hrb1-wqac
37
vulnerability VCID-uq77-aax5-k7d8
38
vulnerability VCID-vq15-t92r-5bhx
39
vulnerability VCID-wms8-dnuz-b3hc
40
vulnerability VCID-xvyu-2hb8-8ufh
41
vulnerability VCID-xw1s-93bu-wuh9
42
vulnerability VCID-yz6t-ge1y-qfgr
43
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.4.0
aliases CVE-2015-5956, GHSA-989h-wv8x-933p
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c57c-akce-xufq
15
url VCID-cgqm-1wwf-kbg6
vulnerability_id VCID-cgqm-1wwf-kbg6
summary
TYPO3 frontend login vulnerable to Session Fixation
It has been discovered that TYPO3 is susceptible to session fixation. If a user authenticates while anonymous session data is present, the session id is not changed. This makes it possible for attackers to generate a valid session id, trick users into using this session id (e.g. by leveraging a different Cross-Site Scripting vulnerability) and then possibly gain access to an authenticated session.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-2.yaml
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/4c9aba94a930d56ab374693c9c5cc0458587278a
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/4c9aba94a930d56ab374693c9c5cc0458587278a
3
reference_url https://github.com/TYPO3/typo3/commit/4f6e84bba3c13ea8b2652af1a4c47758aa0705f4
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/4f6e84bba3c13ea8b2652af1a4c47758aa0705f4
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-003
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-003
5
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003
6
reference_url https://github.com/advisories/GHSA-r9vc-jfmh-6j48
reference_id GHSA-r9vc-jfmh-6j48
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r9vc-jfmh-6j48
fixed_packages
0
url pkg:composer/typo3/cms@7.3.1
purl pkg:composer/typo3/cms@7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-8jcy-3kje-fqeh
7
vulnerability VCID-953t-q1cr-zyd6
8
vulnerability VCID-abjx-8v46-d7d8
9
vulnerability VCID-ansr-8m5j-pya6
10
vulnerability VCID-c57c-akce-xufq
11
vulnerability VCID-dsqm-9q3e-dudw
12
vulnerability VCID-e1ms-4r4s-g7e7
13
vulnerability VCID-e2bk-pfbe-puek
14
vulnerability VCID-e82x-2cdb-7fgn
15
vulnerability VCID-ev4k-5k1d-2bhu
16
vulnerability VCID-fdnw-2tz5-4fdr
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-gpv4-4tpd-tbaa
19
vulnerability VCID-hm4k-wbq3-r7ej
20
vulnerability VCID-hp99-ncuh-6ugv
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-hyx9-8ae6-sba8
23
vulnerability VCID-j6x1-dfre-2bdq
24
vulnerability VCID-jp1p-rfxa-hyd9
25
vulnerability VCID-jq5y-7h9g-mufa
26
vulnerability VCID-jwb1-3sbg-kfa5
27
vulnerability VCID-n18b-qe5x-z7cj
28
vulnerability VCID-nhjv-nke2-2kf8
29
vulnerability VCID-njsj-bwjq-fyap
30
vulnerability VCID-p576-w7dd-p3h7
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-qcnh-z4zh-myaw
33
vulnerability VCID-qek9-g3h8-nfdz
34
vulnerability VCID-rs13-zf7b-mka7
35
vulnerability VCID-teby-zvvw-zkhv
36
vulnerability VCID-tzpj-j3x1-ekgk
37
vulnerability VCID-u6h1-ccgw-jqds
38
vulnerability VCID-ub3e-hrb1-wqac
39
vulnerability VCID-uq77-aax5-k7d8
40
vulnerability VCID-vq15-t92r-5bhx
41
vulnerability VCID-wms8-dnuz-b3hc
42
vulnerability VCID-xvyu-2hb8-8ufh
43
vulnerability VCID-xw1s-93bu-wuh9
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zru2-9g25-77dc
46
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1
aliases GHSA-r9vc-jfmh-6j48
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cgqm-1wwf-kbg6
16
url VCID-dsqm-9q3e-dudw
vulnerability_id VCID-dsqm-9q3e-dudw
summary
Uncontrolled Resource Consumption
Denial of Service in Online Media Asset Handling.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-011/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-102
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dsqm-9q3e-dudw
17
url VCID-dwjk-7sqh-hqa8
vulnerability_id VCID-dwjk-7sqh-hqa8
summary Frontend login Session Fixation.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-003/
fixed_packages
0
url pkg:composer/typo3/cms@7.3.0
purl pkg:composer/typo3/cms@7.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-5ru2-1n1f-afa4
6
vulnerability VCID-66kh-c1dm-8fbf
7
vulnerability VCID-8jcy-3kje-fqeh
8
vulnerability VCID-953t-q1cr-zyd6
9
vulnerability VCID-9899-uxyb-73gg
10
vulnerability VCID-abjx-8v46-d7d8
11
vulnerability VCID-ansr-8m5j-pya6
12
vulnerability VCID-c57c-akce-xufq
13
vulnerability VCID-cgqm-1wwf-kbg6
14
vulnerability VCID-dsqm-9q3e-dudw
15
vulnerability VCID-dyhd-5p1e-fya6
16
vulnerability VCID-e1ms-4r4s-g7e7
17
vulnerability VCID-e2bk-pfbe-puek
18
vulnerability VCID-e82x-2cdb-7fgn
19
vulnerability VCID-ev4k-5k1d-2bhu
20
vulnerability VCID-fdnw-2tz5-4fdr
21
vulnerability VCID-fqkx-v8t5-q3h6
22
vulnerability VCID-gpv4-4tpd-tbaa
23
vulnerability VCID-hm4k-wbq3-r7ej
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-hsw8-nbs6-auaa
26
vulnerability VCID-hyx9-8ae6-sba8
27
vulnerability VCID-j6x1-dfre-2bdq
28
vulnerability VCID-jp1p-rfxa-hyd9
29
vulnerability VCID-jq5y-7h9g-mufa
30
vulnerability VCID-jwb1-3sbg-kfa5
31
vulnerability VCID-n18b-qe5x-z7cj
32
vulnerability VCID-nhjv-nke2-2kf8
33
vulnerability VCID-njsj-bwjq-fyap
34
vulnerability VCID-p576-w7dd-p3h7
35
vulnerability VCID-p7gd-anw2-1qbz
36
vulnerability VCID-qcnh-z4zh-myaw
37
vulnerability VCID-qek9-g3h8-nfdz
38
vulnerability VCID-rs13-zf7b-mka7
39
vulnerability VCID-teby-zvvw-zkhv
40
vulnerability VCID-tzpj-j3x1-ekgk
41
vulnerability VCID-u6h1-ccgw-jqds
42
vulnerability VCID-ub3e-hrb1-wqac
43
vulnerability VCID-uq77-aax5-k7d8
44
vulnerability VCID-vq15-t92r-5bhx
45
vulnerability VCID-w65h-8a9d-ckgj
46
vulnerability VCID-wms8-dnuz-b3hc
47
vulnerability VCID-xvyu-2hb8-8ufh
48
vulnerability VCID-xw1s-93bu-wuh9
49
vulnerability VCID-ys6f-g39p-fkfc
50
vulnerability VCID-yz6t-ge1y-qfgr
51
vulnerability VCID-zru2-9g25-77dc
52
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0
aliases GMS-2015-81
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dwjk-7sqh-hqa8
18
url VCID-dyhd-5p1e-fya6
vulnerability_id VCID-dyhd-5p1e-fya6
summary
TYPO3 Brute Force Protection Bypass in backend login
The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause, however, could be bypassed by forging a special request, making brute force attacks on backend editor credentials more feasible.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-5.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-5.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/0b67290bbd941c07b0101bbfd6c7aadcbb93c75c
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/0b67290bbd941c07b0101bbfd6c7aadcbb93c75c
3
reference_url https://github.com/TYPO3/typo3/commit/0f3fb37674688aba5a44ca6f5df7f8a327a5b5f6
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/0f3fb37674688aba5a44ca6f5df7f8a327a5b5f6
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-006
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-006
5
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006
6
reference_url https://github.com/advisories/GHSA-jqr8-q455-xx45
reference_id GHSA-jqr8-q455-xx45
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jqr8-q455-xx45
fixed_packages
0
url pkg:composer/typo3/cms@7.3.1
purl pkg:composer/typo3/cms@7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-8jcy-3kje-fqeh
7
vulnerability VCID-953t-q1cr-zyd6
8
vulnerability VCID-abjx-8v46-d7d8
9
vulnerability VCID-ansr-8m5j-pya6
10
vulnerability VCID-c57c-akce-xufq
11
vulnerability VCID-dsqm-9q3e-dudw
12
vulnerability VCID-e1ms-4r4s-g7e7
13
vulnerability VCID-e2bk-pfbe-puek
14
vulnerability VCID-e82x-2cdb-7fgn
15
vulnerability VCID-ev4k-5k1d-2bhu
16
vulnerability VCID-fdnw-2tz5-4fdr
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-gpv4-4tpd-tbaa
19
vulnerability VCID-hm4k-wbq3-r7ej
20
vulnerability VCID-hp99-ncuh-6ugv
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-hyx9-8ae6-sba8
23
vulnerability VCID-j6x1-dfre-2bdq
24
vulnerability VCID-jp1p-rfxa-hyd9
25
vulnerability VCID-jq5y-7h9g-mufa
26
vulnerability VCID-jwb1-3sbg-kfa5
27
vulnerability VCID-n18b-qe5x-z7cj
28
vulnerability VCID-nhjv-nke2-2kf8
29
vulnerability VCID-njsj-bwjq-fyap
30
vulnerability VCID-p576-w7dd-p3h7
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-qcnh-z4zh-myaw
33
vulnerability VCID-qek9-g3h8-nfdz
34
vulnerability VCID-rs13-zf7b-mka7
35
vulnerability VCID-teby-zvvw-zkhv
36
vulnerability VCID-tzpj-j3x1-ekgk
37
vulnerability VCID-u6h1-ccgw-jqds
38
vulnerability VCID-ub3e-hrb1-wqac
39
vulnerability VCID-uq77-aax5-k7d8
40
vulnerability VCID-vq15-t92r-5bhx
41
vulnerability VCID-wms8-dnuz-b3hc
42
vulnerability VCID-xvyu-2hb8-8ufh
43
vulnerability VCID-xw1s-93bu-wuh9
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zru2-9g25-77dc
46
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1
aliases GHSA-jqr8-q455-xx45
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dyhd-5p1e-fya6
19
url VCID-e1gr-txgg-fqa6
vulnerability_id VCID-e1gr-txgg-fqa6
summary
Information Exposure
Frontend: Unauthenticated Path Disclosure.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/
fixed_packages
0
url pkg:composer/typo3/cms@7.3.0
purl pkg:composer/typo3/cms@7.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-5ru2-1n1f-afa4
6
vulnerability VCID-66kh-c1dm-8fbf
7
vulnerability VCID-8jcy-3kje-fqeh
8
vulnerability VCID-953t-q1cr-zyd6
9
vulnerability VCID-9899-uxyb-73gg
10
vulnerability VCID-abjx-8v46-d7d8
11
vulnerability VCID-ansr-8m5j-pya6
12
vulnerability VCID-c57c-akce-xufq
13
vulnerability VCID-cgqm-1wwf-kbg6
14
vulnerability VCID-dsqm-9q3e-dudw
15
vulnerability VCID-dyhd-5p1e-fya6
16
vulnerability VCID-e1ms-4r4s-g7e7
17
vulnerability VCID-e2bk-pfbe-puek
18
vulnerability VCID-e82x-2cdb-7fgn
19
vulnerability VCID-ev4k-5k1d-2bhu
20
vulnerability VCID-fdnw-2tz5-4fdr
21
vulnerability VCID-fqkx-v8t5-q3h6
22
vulnerability VCID-gpv4-4tpd-tbaa
23
vulnerability VCID-hm4k-wbq3-r7ej
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-hsw8-nbs6-auaa
26
vulnerability VCID-hyx9-8ae6-sba8
27
vulnerability VCID-j6x1-dfre-2bdq
28
vulnerability VCID-jp1p-rfxa-hyd9
29
vulnerability VCID-jq5y-7h9g-mufa
30
vulnerability VCID-jwb1-3sbg-kfa5
31
vulnerability VCID-n18b-qe5x-z7cj
32
vulnerability VCID-nhjv-nke2-2kf8
33
vulnerability VCID-njsj-bwjq-fyap
34
vulnerability VCID-p576-w7dd-p3h7
35
vulnerability VCID-p7gd-anw2-1qbz
36
vulnerability VCID-qcnh-z4zh-myaw
37
vulnerability VCID-qek9-g3h8-nfdz
38
vulnerability VCID-rs13-zf7b-mka7
39
vulnerability VCID-teby-zvvw-zkhv
40
vulnerability VCID-tzpj-j3x1-ekgk
41
vulnerability VCID-u6h1-ccgw-jqds
42
vulnerability VCID-ub3e-hrb1-wqac
43
vulnerability VCID-uq77-aax5-k7d8
44
vulnerability VCID-vq15-t92r-5bhx
45
vulnerability VCID-w65h-8a9d-ckgj
46
vulnerability VCID-wms8-dnuz-b3hc
47
vulnerability VCID-xvyu-2hb8-8ufh
48
vulnerability VCID-xw1s-93bu-wuh9
49
vulnerability VCID-ys6f-g39p-fkfc
50
vulnerability VCID-yz6t-ge1y-qfgr
51
vulnerability VCID-zru2-9g25-77dc
52
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0
aliases GMS-2015-86
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e1gr-txgg-fqa6
20
url VCID-e1ms-4r4s-g7e7
vulnerability_id VCID-e1ms-4r4s-g7e7
summary
TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend
Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-3.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-3.yaml
1
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-013
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-013
2
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013
3
reference_url https://github.com/advisories/GHSA-6fc6-cj2j-h22x
reference_id GHSA-6fc6-cj2j-h22x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6fc6-cj2j-h22x
fixed_packages
0
url pkg:composer/typo3/cms@7.6.1
purl pkg:composer/typo3/cms@7.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2r7u-mc45-8yhe
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-2vpx-fqb6-aqfa
5
vulnerability VCID-39jx-muqb-nkfq
6
vulnerability VCID-3ugj-6m1e-e3hr
7
vulnerability VCID-4wnp-gusy-43b8
8
vulnerability VCID-5dxs-cdht-27hw
9
vulnerability VCID-5hm4-ms5p-uuae
10
vulnerability VCID-5ppx-p8eq-mbgk
11
vulnerability VCID-5u2f-5zzf-j3e4
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-66ru-n2df-b3ay
14
vulnerability VCID-6su8-bbrw-hbhp
15
vulnerability VCID-727q-h3ey-6yc9
16
vulnerability VCID-8jcy-3kje-fqeh
17
vulnerability VCID-8p64-6zpt-t3av
18
vulnerability VCID-953t-q1cr-zyd6
19
vulnerability VCID-9726-hafj-wkay
20
vulnerability VCID-9saf-w56y-pugz
21
vulnerability VCID-abjx-8v46-d7d8
22
vulnerability VCID-bstt-ybrs-5ua3
23
vulnerability VCID-dd9u-w2y2-87h9
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-ekvp-u4kk-kqdd
27
vulnerability VCID-eutz-mj58-audb
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-exjy-5cyn-zfg1
30
vulnerability VCID-fdnw-2tz5-4fdr
31
vulnerability VCID-fgqa-5fx9-nkaz
32
vulnerability VCID-fh61-7rfy-s3hg
33
vulnerability VCID-fqkx-v8t5-q3h6
34
vulnerability VCID-g7mm-vjbw-bbhd
35
vulnerability VCID-g9ns-sxkx-aqh1
36
vulnerability VCID-gpv4-4tpd-tbaa
37
vulnerability VCID-h217-xe8x-nua3
38
vulnerability VCID-h7cg-64er-uya9
39
vulnerability VCID-h7hf-sf2q-73ay
40
vulnerability VCID-hp99-ncuh-6ugv
41
vulnerability VCID-hsw8-nbs6-auaa
42
vulnerability VCID-hyx9-8ae6-sba8
43
vulnerability VCID-hzma-cduk-3uhp
44
vulnerability VCID-j8sh-5evd-dkaz
45
vulnerability VCID-jenc-czvj-g3gw
46
vulnerability VCID-jeqr-9tfu-f7b2
47
vulnerability VCID-jf28-91be-6kbr
48
vulnerability VCID-jmea-qzsr-wkf4
49
vulnerability VCID-jn38-wfec-7bb2
50
vulnerability VCID-jp1p-rfxa-hyd9
51
vulnerability VCID-jq5y-7h9g-mufa
52
vulnerability VCID-jqe4-8hzb-mfea
53
vulnerability VCID-jwb1-3sbg-kfa5
54
vulnerability VCID-kp2p-nbmg-ufen
55
vulnerability VCID-ks1q-a8x2-uqht
56
vulnerability VCID-m3nc-xbb4-yubr
57
vulnerability VCID-mctp-nf36-7qdn
58
vulnerability VCID-nhjv-nke2-2kf8
59
vulnerability VCID-njsj-bwjq-fyap
60
vulnerability VCID-nvbp-pbjw-3qgx
61
vulnerability VCID-p576-w7dd-p3h7
62
vulnerability VCID-p7gd-anw2-1qbz
63
vulnerability VCID-qcnh-z4zh-myaw
64
vulnerability VCID-s97a-nmk8-y3ay
65
vulnerability VCID-sdz8-hju8-4bcb
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tgyt-axv1-c7ag
69
vulnerability VCID-tzpj-j3x1-ekgk
70
vulnerability VCID-u4tq-8qnk-5fd7
71
vulnerability VCID-u5he-6tqb-gqaf
72
vulnerability VCID-uq77-aax5-k7d8
73
vulnerability VCID-vq15-t92r-5bhx
74
vulnerability VCID-w58p-3wg1-7ycr
75
vulnerability VCID-x175-xjek-97ds
76
vulnerability VCID-xh68-defe-f7ce
77
vulnerability VCID-xpxg-qq49-b7fd
78
vulnerability VCID-xt7m-u9eb-fyd9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y1ap-y4az-x7ec
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yn6z-9v7k-x7br
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zrz3-3dnf-tbay
86
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1
aliases GHSA-6fc6-cj2j-h22x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e1ms-4r4s-g7e7
21
url VCID-e2bk-pfbe-puek
vulnerability_id VCID-e2bk-pfbe-puek
summary
Duplicate Advisory: TYPO3 Cross-Site Scripting vulnerability in typolinks
## Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-j5v7-9xr5-m7gx. This link is maintained to preserve external references.

## Original Description

All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting, as authorized editors can insert JavaScript commands by using the URL scheme `javascript:`.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-2.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/25a1473907f0f4b2bb0147c661981940c57a4555
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/25a1473907f0f4b2bb0147c661981940c57a4555
3
reference_url https://github.com/TYPO3/typo3/commit/de1755a6dcff9b037c6d5a1fa340ba100aff054a
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/de1755a6dcff9b037c6d5a1fa340ba100aff054a
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-012
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-012
5
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012
6
reference_url https://github.com/advisories/GHSA-75mx-chcf-2q32
reference_id GHSA-75mx-chcf-2q32
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75mx-chcf-2q32
fixed_packages
0
url pkg:composer/typo3/cms@7.6.1
purl pkg:composer/typo3/cms@7.6.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1
aliases GHSA-75mx-chcf-2q32
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e2bk-pfbe-puek
22
url VCID-e82x-2cdb-7fgn
vulnerability_id VCID-e82x-2cdb-7fgn
summary
Cross-site Scripting
Cross-Site Scripting vulnerability in typolinks.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.1
purl pkg:composer/typo3/cms@7.6.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1
aliases GMS-2015-88
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e82x-2cdb-7fgn
23
url VCID-ec17-eauu-67d3
vulnerability_id VCID-ec17-eauu-67d3
summary
Improper Restriction of Excessive Authentication Attempts
Brute Force Protection Bypass in backend login.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-006/
fixed_packages
0
url pkg:composer/typo3/cms@7.3.0
purl pkg:composer/typo3/cms@7.3.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0
aliases GMS-2015-84
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ec17-eauu-67d3
24
url VCID-ev4k-5k1d-2bhu
vulnerability_id VCID-ev4k-5k1d-2bhu
summary
URL Redirection to Untrusted Site (Open Redirect)
Login handling is susceptible to open redirection, which allows attackers to redirect to arbitrary content and conduct phishing attacks. No authentication is required in order to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.48843
published_at 2026-06-06T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.48835
published_at 2026-06-05T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.48774
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21338
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21338.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21338.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-4jhw-2p6j-5wmp
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-001
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-001
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
reference_id CVE-2021-21338
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21338
fixed_packages
0
url pkg:composer/typo3/cms@7.6.51
purl pkg:composer/typo3/cms@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51
1
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8hk-bqnb-gycp
1
vulnerability VCID-sdjb-gp4t-vbgt
2
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
2
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
3
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
4
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21338, GHSA-4jhw-2p6j-5wmp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ev4k-5k1d-2bhu
25
url VCID-fdnw-2tz5-4fdr
vulnerability_id VCID-fdnw-2tz5-4fdr
summary
Uncontrolled Resource Consumption
Denial of Service in Frontend Record Registration.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-012/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.0.0
purl pkg:composer/typo3/cms@9.0.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0
aliases GMS-2018-103
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fdnw-2tz5-4fdr
26
url VCID-fqkx-v8t5-q3h6
vulnerability_id VCID-fqkx-v8t5-q3h6
summary
Cleartext Storage of Sensitive Information
User session identifiers are stored in cleartext, without being processed by an additional cryptographic hashing algorithm. This vulnerability cannot be exploited directly and only occurs in combination with a chained attack, for example SQL injection in any other component of the system.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
reference_id
reference_type
scores
0
value 0.00132
scoring_system epss
scoring_elements 0.32264
published_at 2026-06-06T12:55:00Z
1
value 0.00132
scoring_system epss
scoring_elements 0.32296
published_at 2026-06-05T12:55:00Z
2
value 0.00132
scoring_system epss
scoring_elements 0.32224
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21339
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21339.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21339.yaml
3
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-qx3w-4864-94ch
4
reference_url https://packagist.org/packages/typo3/cms-core
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-core
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-006
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-006
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
reference_id CVE-2021-21339
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21339
fixed_packages
0
url pkg:composer/typo3/cms@7.6.51
purl pkg:composer/typo3/cms@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51
1
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8hk-bqnb-gycp
1
vulnerability VCID-sdjb-gp4t-vbgt
2
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
2
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
3
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
4
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21339, GHSA-qx3w-4864-94ch
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fqkx-v8t5-q3h6
27
url VCID-gpv4-4tpd-tbaa
vulnerability_id VCID-gpv4-4tpd-tbaa
summary
TYPO3 Cross-Site Scripting in Frontend User Login
Because user input is not properly encoded, the login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability: either a backend user or a frontend user who is able to modify their user profile.

The affected template patterns are:

- ###FEUSER_[fieldName]### using system extension felogin
- <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken)
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-3.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-3.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/1c85fe70269e2ff8ecf0b6d5f16550c6cd0ddc78
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/1c85fe70269e2ff8ecf0b6d5f16550c6cd0ddc78
3
reference_url https://github.com/TYPO3/typo3/commit/373bec5d7d415f0764ebbadc7970610dc26da068
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/373bec5d7d415f0764ebbadc7970610dc26da068
4
reference_url https://github.com/TYPO3/typo3/commit/e4143195e1451630f058a58ab62d92135948a927
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/e4143195e1451630f058a58ab62d92135948a927
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-008
6
reference_url https://github.com/advisories/GHSA-2rcw-9hrm-8q7q
reference_id GHSA-2rcw-9hrm-8q7q
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rcw-9hrm-8q7q
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-2rcw-9hrm-8q7q
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gpv4-4tpd-tbaa
28
url VCID-hm4k-wbq3-r7ej
vulnerability_id VCID-hm4k-wbq3-r7ej
summary
TYPO3 Cross-site Scripting vulnerability
Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8759
reference_id
reference_type
scores
0
value 0.00187
scoring_system epss
scoring_elements 0.40421
published_at 2026-06-06T12:55:00Z
1
value 0.00187
scoring_system epss
scoring_elements 0.40418
published_at 2026-06-05T12:55:00Z
2
value 0.00187
scoring_system epss
scoring_elements 0.40338
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8759
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-2.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-2.yaml
2
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
3
reference_url https://github.com/TYPO3/typo3/commit/25a1473907f0f4b2bb0147c661981940c57a4555
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/25a1473907f0f4b2bb0147c661981940c57a4555
4
reference_url https://github.com/TYPO3/typo3/commit/de1755a6dcff9b037c6d5a1fa340ba100aff054a
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/de1755a6dcff9b037c6d5a1fa340ba100aff054a
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8759
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8759
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-012
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-012
7
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012
8
reference_url https://web.archive.org/web/20200228051548/http://www.securityfocus.com/bid/79250
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20200228051548/http://www.securityfocus.com/bid/79250
9
reference_url https://github.com/advisories/GHSA-j5v7-9xr5-m7gx
reference_id GHSA-j5v7-9xr5-m7gx
reference_type
scores
url https://github.com/advisories/GHSA-j5v7-9xr5-m7gx
fixed_packages
0
url pkg:composer/typo3/cms@7.6.1
purl pkg:composer/typo3/cms@7.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2r7u-mc45-8yhe
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-2vpx-fqb6-aqfa
5
vulnerability VCID-39jx-muqb-nkfq
6
vulnerability VCID-3ugj-6m1e-e3hr
7
vulnerability VCID-4wnp-gusy-43b8
8
vulnerability VCID-5dxs-cdht-27hw
9
vulnerability VCID-5hm4-ms5p-uuae
10
vulnerability VCID-5ppx-p8eq-mbgk
11
vulnerability VCID-5u2f-5zzf-j3e4
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-66ru-n2df-b3ay
14
vulnerability VCID-6su8-bbrw-hbhp
15
vulnerability VCID-727q-h3ey-6yc9
16
vulnerability VCID-8jcy-3kje-fqeh
17
vulnerability VCID-8p64-6zpt-t3av
18
vulnerability VCID-953t-q1cr-zyd6
19
vulnerability VCID-9726-hafj-wkay
20
vulnerability VCID-9saf-w56y-pugz
21
vulnerability VCID-abjx-8v46-d7d8
22
vulnerability VCID-bstt-ybrs-5ua3
23
vulnerability VCID-dd9u-w2y2-87h9
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-ekvp-u4kk-kqdd
27
vulnerability VCID-eutz-mj58-audb
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-exjy-5cyn-zfg1
30
vulnerability VCID-fdnw-2tz5-4fdr
31
vulnerability VCID-fgqa-5fx9-nkaz
32
vulnerability VCID-fh61-7rfy-s3hg
33
vulnerability VCID-fqkx-v8t5-q3h6
34
vulnerability VCID-g7mm-vjbw-bbhd
35
vulnerability VCID-g9ns-sxkx-aqh1
36
vulnerability VCID-gpv4-4tpd-tbaa
37
vulnerability VCID-h217-xe8x-nua3
38
vulnerability VCID-h7cg-64er-uya9
39
vulnerability VCID-h7hf-sf2q-73ay
40
vulnerability VCID-hp99-ncuh-6ugv
41
vulnerability VCID-hsw8-nbs6-auaa
42
vulnerability VCID-hyx9-8ae6-sba8
43
vulnerability VCID-hzma-cduk-3uhp
44
vulnerability VCID-j8sh-5evd-dkaz
45
vulnerability VCID-jenc-czvj-g3gw
46
vulnerability VCID-jeqr-9tfu-f7b2
47
vulnerability VCID-jf28-91be-6kbr
48
vulnerability VCID-jmea-qzsr-wkf4
49
vulnerability VCID-jn38-wfec-7bb2
50
vulnerability VCID-jp1p-rfxa-hyd9
51
vulnerability VCID-jq5y-7h9g-mufa
52
vulnerability VCID-jqe4-8hzb-mfea
53
vulnerability VCID-jwb1-3sbg-kfa5
54
vulnerability VCID-kp2p-nbmg-ufen
55
vulnerability VCID-ks1q-a8x2-uqht
56
vulnerability VCID-m3nc-xbb4-yubr
57
vulnerability VCID-mctp-nf36-7qdn
58
vulnerability VCID-nhjv-nke2-2kf8
59
vulnerability VCID-njsj-bwjq-fyap
60
vulnerability VCID-nvbp-pbjw-3qgx
61
vulnerability VCID-p576-w7dd-p3h7
62
vulnerability VCID-p7gd-anw2-1qbz
63
vulnerability VCID-qcnh-z4zh-myaw
64
vulnerability VCID-s97a-nmk8-y3ay
65
vulnerability VCID-sdz8-hju8-4bcb
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tgyt-axv1-c7ag
69
vulnerability VCID-tzpj-j3x1-ekgk
70
vulnerability VCID-u4tq-8qnk-5fd7
71
vulnerability VCID-u5he-6tqb-gqaf
72
vulnerability VCID-uq77-aax5-k7d8
73
vulnerability VCID-vq15-t92r-5bhx
74
vulnerability VCID-w58p-3wg1-7ycr
75
vulnerability VCID-x175-xjek-97ds
76
vulnerability VCID-xh68-defe-f7ce
77
vulnerability VCID-xpxg-qq49-b7fd
78
vulnerability VCID-xt7m-u9eb-fyd9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y1ap-y4az-x7ec
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yn6z-9v7k-x7br
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zrz3-3dnf-tbay
86
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1
aliases CVE-2015-8759, GHSA-j5v7-9xr5-m7gx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hm4k-wbq3-r7ej
29
url VCID-hp99-ncuh-6ugv
vulnerability_id VCID-hp99-ncuh-6ugv
summary
Cross-site Scripting
Cross-Site Scripting in Frontend User Login.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-008/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-99
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hp99-ncuh-6ugv
30
url VCID-hsw8-nbs6-auaa
vulnerability_id VCID-hsw8-nbs6-auaa
summary
Insertion of Sensitive Information into Log File in typo3/cms-core
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that system internal credentials or keys (e.g. database credentials) have been logged as plaintext in exception handlers, when logging the complete exception stack trace.

### Solution
Update to TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.35 ELTS, 10.4.29, 11.5.11 that fix the problem described above.

### Credits
Thanks to Marco Huber who reported this issue and to TYPO3 security member Torben Hansen who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-002](https://typo3.org/security/advisory/typo3-core-sa-2022-002)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
reference_id
reference_type
scores
0
value 0.00391
scoring_system epss
scoring_elements 0.60462
published_at 2026-06-04T12:55:00Z
1
value 0.00391
scoring_system epss
scoring_elements 0.60513
published_at 2026-06-06T12:55:00Z
2
value 0.00391
scoring_system epss
scoring_elements 0.6051
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-31047
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-31047.yaml
2
reference_url https://github.com/TYPO3-CMS/core
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3-CMS/core
3
reference_url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a
4
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-31047
6
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-002
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T14:05:23Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-002
7
reference_url https://github.com/advisories/GHSA-fh99-4pgr-8j99
reference_id GHSA-fh99-4pgr-8j99
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh99-4pgr-8j99
fixed_packages
0
url pkg:composer/typo3/cms@10.4.29
purl pkg:composer/typo3/cms@10.4.29
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-6a22-c7x5-sqe2
3
vulnerability VCID-6hnx-p9hv-jbg2
4
vulnerability VCID-6xgm-uan4-u7fu
5
vulnerability VCID-e4zc-fmh2-n7b8
6
vulnerability VCID-fyyr-48a7-8qch
7
vulnerability VCID-tzpj-j3x1-ekgk
8
vulnerability VCID-un7r-8sah-33cr
9
vulnerability VCID-x8qf-w4vq-mfhm
10
vulnerability VCID-x8tq-5na6-gfbj
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.29
1
url pkg:composer/typo3/cms@11.5.11
purl pkg:composer/typo3/cms@11.5.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-6a22-c7x5-sqe2
3
vulnerability VCID-6hnx-p9hv-jbg2
4
vulnerability VCID-6xgm-uan4-u7fu
5
vulnerability VCID-e4zc-fmh2-n7b8
6
vulnerability VCID-fyyr-48a7-8qch
7
vulnerability VCID-prdv-mrtk-gkdc
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-un7r-8sah-33cr
10
vulnerability VCID-x8qf-w4vq-mfhm
11
vulnerability VCID-x8tq-5na6-gfbj
12
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.11
aliases CVE-2022-31047, GHSA-fh99-4pgr-8j99
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hsw8-nbs6-auaa
31
url VCID-hyx9-8ae6-sba8
vulnerability_id VCID-hyx9-8ae6-sba8
summary
TYPO3 Denial of Service in Frontend Record Registration
TYPO3’s built-in record registration functionality (aka `basic shopping cart`) using recs URL parameters is vulnerable to denial of service. Failing to properly ensure that anonymous user sessions are valid, attackers can use this vulnerability in order to create an arbitrary amount of individual session-data records in the database.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-7.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-7.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/05011d1248c54d00960e344fd920a6246da92415
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/05011d1248c54d00960e344fd920a6246da92415
3
reference_url https://github.com/TYPO3/typo3/commit/fc2b4b9fb978088267f83e73cd401d4371dd40e3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/fc2b4b9fb978088267f83e73cd401d4371dd40e3
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-012
5
reference_url https://github.com/advisories/GHSA-g585-crjf-vhwq
reference_id GHSA-g585-crjf-vhwq
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g585-crjf-vhwq
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
aliases GHSA-g585-crjf-vhwq
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyx9-8ae6-sba8
32
url VCID-j6x1-dfre-2bdq
vulnerability_id VCID-j6x1-dfre-2bdq
summary
Unauthenticated Path Disclosure
It has been discovered that calling a PHP script which is delivered with TYPO3 for testing purposes discloses the absolute server path to the TYPO3 installation.
references
0
reference_url https://review.typo3.org/#/c/43120/
reference_id
reference_type
scores
url https://review.typo3.org/#/c/43120/
1
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008/
fixed_packages
0
url pkg:composer/typo3/cms@7.4.0
purl pkg:composer/typo3/cms@7.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-8jcy-3kje-fqeh
7
vulnerability VCID-953t-q1cr-zyd6
8
vulnerability VCID-abjx-8v46-d7d8
9
vulnerability VCID-ansr-8m5j-pya6
10
vulnerability VCID-dsqm-9q3e-dudw
11
vulnerability VCID-e1ms-4r4s-g7e7
12
vulnerability VCID-e2bk-pfbe-puek
13
vulnerability VCID-e82x-2cdb-7fgn
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fdnw-2tz5-4fdr
16
vulnerability VCID-fqkx-v8t5-q3h6
17
vulnerability VCID-gpv4-4tpd-tbaa
18
vulnerability VCID-hm4k-wbq3-r7ej
19
vulnerability VCID-hp99-ncuh-6ugv
20
vulnerability VCID-hsw8-nbs6-auaa
21
vulnerability VCID-hyx9-8ae6-sba8
22
vulnerability VCID-jp1p-rfxa-hyd9
23
vulnerability VCID-jq5y-7h9g-mufa
24
vulnerability VCID-jwb1-3sbg-kfa5
25
vulnerability VCID-n18b-qe5x-z7cj
26
vulnerability VCID-nhjv-nke2-2kf8
27
vulnerability VCID-njsj-bwjq-fyap
28
vulnerability VCID-p576-w7dd-p3h7
29
vulnerability VCID-p7gd-anw2-1qbz
30
vulnerability VCID-qcnh-z4zh-myaw
31
vulnerability VCID-qek9-g3h8-nfdz
32
vulnerability VCID-rs13-zf7b-mka7
33
vulnerability VCID-teby-zvvw-zkhv
34
vulnerability VCID-tzpj-j3x1-ekgk
35
vulnerability VCID-u6h1-ccgw-jqds
36
vulnerability VCID-ub3e-hrb1-wqac
37
vulnerability VCID-uq77-aax5-k7d8
38
vulnerability VCID-vq15-t92r-5bhx
39
vulnerability VCID-wms8-dnuz-b3hc
40
vulnerability VCID-xvyu-2hb8-8ufh
41
vulnerability VCID-xw1s-93bu-wuh9
42
vulnerability VCID-yz6t-ge1y-qfgr
43
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.4.0
aliases GMS-2015-25
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-j6x1-dfre-2bdq
33
url VCID-jp1p-rfxa-hyd9
vulnerability_id VCID-jp1p-rfxa-hyd9
summary
Cross-site Scripting
Content elements of type `_menu_` are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.57172
published_at 2026-06-06T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.57164
published_at 2026-06-05T12:55:00Z
2
value 0.00342
scoring_system epss
scoring_elements 0.57112
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21370
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-21370.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-21370.yaml
3
reference_url https://packagist.org/packages/typo3/cms-backend
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://packagist.org/packages/typo3/cms-backend
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-008
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-008
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
reference_id CVE-2021-21370
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21370
6
reference_url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
reference_id GHSA-x7hc-x7fm-f7qh
reference_type
scores
url https://github.com/advisories/GHSA-x7hc-x7fm-f7qh
7
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
reference_id GHSA-x7hc-x7fm-f7qh
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-x7hc-x7fm-f7qh
fixed_packages
0
url pkg:composer/typo3/cms@7.6.51
purl pkg:composer/typo3/cms@7.6.51
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.51
1
url pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-j8hk-bqnb-gycp
1
vulnerability VCID-sdjb-gp4t-vbgt
2
vulnerability VCID-uq77-aax5-k7d8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.40
2
url pkg:composer/typo3/cms@9.5.25
purl pkg:composer/typo3/cms@9.5.25
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-6a22-c7x5-sqe2
4
vulnerability VCID-a1g9-pyz5-9fca
5
vulnerability VCID-hsw8-nbs6-auaa
6
vulnerability VCID-j8hk-bqnb-gycp
7
vulnerability VCID-sdjb-gp4t-vbgt
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-un7r-8sah-33cr
10
vulnerability VCID-uq77-aax5-k7d8
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.25
3
url pkg:composer/typo3/cms@10.4.14
purl pkg:composer/typo3/cms@10.4.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-a1g9-pyz5-9fca
10
vulnerability VCID-e4zc-fmh2-n7b8
11
vulnerability VCID-fyyr-48a7-8qch
12
vulnerability VCID-gbev-1zs8-8bac
13
vulnerability VCID-hsw8-nbs6-auaa
14
vulnerability VCID-j8hk-bqnb-gycp
15
vulnerability VCID-sdjb-gp4t-vbgt
16
vulnerability VCID-tzpj-j3x1-ekgk
17
vulnerability VCID-un7r-8sah-33cr
18
vulnerability VCID-uq77-aax5-k7d8
19
vulnerability VCID-x8qf-w4vq-mfhm
20
vulnerability VCID-x8tq-5na6-gfbj
21
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.14
4
url pkg:composer/typo3/cms@11.1.1
purl pkg:composer/typo3/cms@11.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-a1g9-pyz5-9fca
10
vulnerability VCID-e4zc-fmh2-n7b8
11
vulnerability VCID-fsx8-7qjz-2ubw
12
vulnerability VCID-fyyr-48a7-8qch
13
vulnerability VCID-gbev-1zs8-8bac
14
vulnerability VCID-hsw8-nbs6-auaa
15
vulnerability VCID-j8hk-bqnb-gycp
16
vulnerability VCID-sdjb-gp4t-vbgt
17
vulnerability VCID-tzpj-j3x1-ekgk
18
vulnerability VCID-un7r-8sah-33cr
19
vulnerability VCID-uq77-aax5-k7d8
20
vulnerability VCID-x8qf-w4vq-mfhm
21
vulnerability VCID-x8tq-5na6-gfbj
22
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.1.1
aliases CVE-2021-21370, GHSA-x7hc-x7fm-f7qh
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jp1p-rfxa-hyd9
34
url VCID-jq5y-7h9g-mufa
vulnerability_id VCID-jq5y-7h9g-mufa
summary Information Disclosure in Install Tool.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-010/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-101
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jq5y-7h9g-mufa
35
url VCID-jwb1-3sbg-kfa5
vulnerability_id VCID-jwb1-3sbg-kfa5
summary
TYPO3 Denial of Service in Online Media Asset Handling
Online Media Asset Handling (`*.youtube` and `*.vimeo` files) in the TYPO3 backend is vulnerable to denial of service. Putting large files with the corresponding file extensions results in high consumption of system resources. This can lead to exceeding the limits of the current PHP process, which results in a dysfunctional backend component. A valid backend user account or write access on the server system (e.g. SFTP) is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-6.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/054799caf53b28ff92e00aff957fab88c45a7509
3
reference_url https://github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/16567366e2a25c0cbed7208c3be9eda962e28c9b
4
reference_url https://github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/7a5155e0137d01db7e5723849f0493ad5b0c98ac
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-011
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-011
6
reference_url https://github.com/advisories/GHSA-f3wf-q4fj-3gxf
reference_id GHSA-f3wf-q4fj-3gxf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3wf-q4fj-3gxf
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-f3wf-q4fj-3gxf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jwb1-3sbg-kfa5
36
url VCID-n18b-qe5x-z7cj
vulnerability_id VCID-n18b-qe5x-z7cj
summary
Cross-Site Scripting vulnerability in typolinks
All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting, as authorized editors can insert JavaScript commands by using the URL scheme "javascript:".
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-012/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.1
purl pkg:composer/typo3/cms@7.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2r7u-mc45-8yhe
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-2vpx-fqb6-aqfa
5
vulnerability VCID-39jx-muqb-nkfq
6
vulnerability VCID-3ugj-6m1e-e3hr
7
vulnerability VCID-4wnp-gusy-43b8
8
vulnerability VCID-5dxs-cdht-27hw
9
vulnerability VCID-5hm4-ms5p-uuae
10
vulnerability VCID-5ppx-p8eq-mbgk
11
vulnerability VCID-5u2f-5zzf-j3e4
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-66ru-n2df-b3ay
14
vulnerability VCID-6su8-bbrw-hbhp
15
vulnerability VCID-727q-h3ey-6yc9
16
vulnerability VCID-8jcy-3kje-fqeh
17
vulnerability VCID-8p64-6zpt-t3av
18
vulnerability VCID-953t-q1cr-zyd6
19
vulnerability VCID-9726-hafj-wkay
20
vulnerability VCID-9saf-w56y-pugz
21
vulnerability VCID-abjx-8v46-d7d8
22
vulnerability VCID-bstt-ybrs-5ua3
23
vulnerability VCID-dd9u-w2y2-87h9
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-ekvp-u4kk-kqdd
27
vulnerability VCID-eutz-mj58-audb
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-exjy-5cyn-zfg1
30
vulnerability VCID-fdnw-2tz5-4fdr
31
vulnerability VCID-fgqa-5fx9-nkaz
32
vulnerability VCID-fh61-7rfy-s3hg
33
vulnerability VCID-fqkx-v8t5-q3h6
34
vulnerability VCID-g7mm-vjbw-bbhd
35
vulnerability VCID-g9ns-sxkx-aqh1
36
vulnerability VCID-gpv4-4tpd-tbaa
37
vulnerability VCID-h217-xe8x-nua3
38
vulnerability VCID-h7cg-64er-uya9
39
vulnerability VCID-h7hf-sf2q-73ay
40
vulnerability VCID-hp99-ncuh-6ugv
41
vulnerability VCID-hsw8-nbs6-auaa
42
vulnerability VCID-hyx9-8ae6-sba8
43
vulnerability VCID-hzma-cduk-3uhp
44
vulnerability VCID-j8sh-5evd-dkaz
45
vulnerability VCID-jenc-czvj-g3gw
46
vulnerability VCID-jeqr-9tfu-f7b2
47
vulnerability VCID-jf28-91be-6kbr
48
vulnerability VCID-jmea-qzsr-wkf4
49
vulnerability VCID-jn38-wfec-7bb2
50
vulnerability VCID-jp1p-rfxa-hyd9
51
vulnerability VCID-jq5y-7h9g-mufa
52
vulnerability VCID-jqe4-8hzb-mfea
53
vulnerability VCID-jwb1-3sbg-kfa5
54
vulnerability VCID-kp2p-nbmg-ufen
55
vulnerability VCID-ks1q-a8x2-uqht
56
vulnerability VCID-m3nc-xbb4-yubr
57
vulnerability VCID-mctp-nf36-7qdn
58
vulnerability VCID-nhjv-nke2-2kf8
59
vulnerability VCID-njsj-bwjq-fyap
60
vulnerability VCID-nvbp-pbjw-3qgx
61
vulnerability VCID-p576-w7dd-p3h7
62
vulnerability VCID-p7gd-anw2-1qbz
63
vulnerability VCID-qcnh-z4zh-myaw
64
vulnerability VCID-s97a-nmk8-y3ay
65
vulnerability VCID-sdz8-hju8-4bcb
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tgyt-axv1-c7ag
69
vulnerability VCID-tzpj-j3x1-ekgk
70
vulnerability VCID-u4tq-8qnk-5fd7
71
vulnerability VCID-u5he-6tqb-gqaf
72
vulnerability VCID-uq77-aax5-k7d8
73
vulnerability VCID-vq15-t92r-5bhx
74
vulnerability VCID-w58p-3wg1-7ycr
75
vulnerability VCID-x175-xjek-97ds
76
vulnerability VCID-xh68-defe-f7ce
77
vulnerability VCID-xpxg-qq49-b7fd
78
vulnerability VCID-xt7m-u9eb-fyd9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y1ap-y4az-x7ec
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yn6z-9v7k-x7br
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zrz3-3dnf-tbay
86
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1
aliases TYPO3-CORE-SA-2015-012
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n18b-qe5x-z7cj
37
url VCID-nhjv-nke2-2kf8
vulnerability_id VCID-nhjv-nke2-2kf8
summary
Missing Access Check
Extbase request handling fails to implement a proper access check for requested controller/action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.
references
0
reference_url https://github.com/TYPO3/TYPO3.CMS/commit/21ed4054212babb7ec75d80a24f95c6ba25bd2fb
reference_id
reference_type
scores
url https://github.com/TYPO3/TYPO3.CMS/commit/21ed4054212babb7ec75d80a24f95c6ba25bd2fb
1
reference_url https://github.com/TYPO3/TYPO3.CMS/commit/404f09d491c96b294ded5e2741277dfbeba92807
reference_id
reference_type
scores
url https://github.com/TYPO3/TYPO3.CMS/commit/404f09d491c96b294ded5e2741277dfbeba92807
2
reference_url https://github.com/TYPO3/TYPO3.CMS/commit/c10db60dfc87c33542c418fa316754a5309c3e26
reference_id
reference_type
scores
url https://github.com/TYPO3/TYPO3.CMS/commit/c10db60dfc87c33542c418fa316754a5309c3e26
3
reference_url https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/
reference_id
reference_type
scores
url https://typo3.org/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/missing-access-check-in-typo3-cms/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.8
purl pkg:composer/typo3/cms@7.6.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-2vpx-fqb6-aqfa
4
vulnerability VCID-3ugj-6m1e-e3hr
5
vulnerability VCID-4wnp-gusy-43b8
6
vulnerability VCID-5dxs-cdht-27hw
7
vulnerability VCID-5hm4-ms5p-uuae
8
vulnerability VCID-5u2f-5zzf-j3e4
9
vulnerability VCID-66kh-c1dm-8fbf
10
vulnerability VCID-66ru-n2df-b3ay
11
vulnerability VCID-727q-h3ey-6yc9
12
vulnerability VCID-8jcy-3kje-fqeh
13
vulnerability VCID-953t-q1cr-zyd6
14
vulnerability VCID-9726-hafj-wkay
15
vulnerability VCID-9saf-w56y-pugz
16
vulnerability VCID-abjx-8v46-d7d8
17
vulnerability VCID-bstt-ybrs-5ua3
18
vulnerability VCID-dd9u-w2y2-87h9
19
vulnerability VCID-dsqm-9q3e-dudw
20
vulnerability VCID-e564-zdku-9fc6
21
vulnerability VCID-eutz-mj58-audb
22
vulnerability VCID-ev4k-5k1d-2bhu
23
vulnerability VCID-fdnw-2tz5-4fdr
24
vulnerability VCID-fh61-7rfy-s3hg
25
vulnerability VCID-fqkx-v8t5-q3h6
26
vulnerability VCID-g7mm-vjbw-bbhd
27
vulnerability VCID-gpv4-4tpd-tbaa
28
vulnerability VCID-h217-xe8x-nua3
29
vulnerability VCID-h7cg-64er-uya9
30
vulnerability VCID-h7hf-sf2q-73ay
31
vulnerability VCID-hp99-ncuh-6ugv
32
vulnerability VCID-hsw8-nbs6-auaa
33
vulnerability VCID-hyx9-8ae6-sba8
34
vulnerability VCID-hzma-cduk-3uhp
35
vulnerability VCID-j8sh-5evd-dkaz
36
vulnerability VCID-jeqr-9tfu-f7b2
37
vulnerability VCID-jmea-qzsr-wkf4
38
vulnerability VCID-jp1p-rfxa-hyd9
39
vulnerability VCID-jq5y-7h9g-mufa
40
vulnerability VCID-jqe4-8hzb-mfea
41
vulnerability VCID-jwb1-3sbg-kfa5
42
vulnerability VCID-kp2p-nbmg-ufen
43
vulnerability VCID-ks1q-a8x2-uqht
44
vulnerability VCID-m3nc-xbb4-yubr
45
vulnerability VCID-mctp-nf36-7qdn
46
vulnerability VCID-njsj-bwjq-fyap
47
vulnerability VCID-nvbp-pbjw-3qgx
48
vulnerability VCID-p576-w7dd-p3h7
49
vulnerability VCID-p7gd-anw2-1qbz
50
vulnerability VCID-qcnh-z4zh-myaw
51
vulnerability VCID-sdz8-hju8-4bcb
52
vulnerability VCID-sy7r-d6pv-yba9
53
vulnerability VCID-teby-zvvw-zkhv
54
vulnerability VCID-tgyt-axv1-c7ag
55
vulnerability VCID-tzpj-j3x1-ekgk
56
vulnerability VCID-u5he-6tqb-gqaf
57
vulnerability VCID-uq77-aax5-k7d8
58
vulnerability VCID-vq15-t92r-5bhx
59
vulnerability VCID-w58p-3wg1-7ycr
60
vulnerability VCID-x175-xjek-97ds
61
vulnerability VCID-xh68-defe-f7ce
62
vulnerability VCID-xpxg-qq49-b7fd
63
vulnerability VCID-xvyu-2hb8-8ufh
64
vulnerability VCID-xw1s-93bu-wuh9
65
vulnerability VCID-ygw4-jdqu-4fbt
66
vulnerability VCID-yn6z-9v7k-x7br
67
vulnerability VCID-yz6t-ge1y-qfgr
68
vulnerability VCID-zrz3-3dnf-tbay
69
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.8
1
url pkg:composer/typo3/cms@8.1.1
purl pkg:composer/typo3/cms@8.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-2vpx-fqb6-aqfa
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3ugj-6m1e-e3hr
9
vulnerability VCID-4eym-e6vt-8fbs
10
vulnerability VCID-4wnp-gusy-43b8
11
vulnerability VCID-5dxs-cdht-27hw
12
vulnerability VCID-5hm4-ms5p-uuae
13
vulnerability VCID-5k47-9k7t-rqak
14
vulnerability VCID-5u2f-5zzf-j3e4
15
vulnerability VCID-66kh-c1dm-8fbf
16
vulnerability VCID-66ru-n2df-b3ay
17
vulnerability VCID-727q-h3ey-6yc9
18
vulnerability VCID-7ch1-q9f4-a7bt
19
vulnerability VCID-7m6u-k5tp-gkhy
20
vulnerability VCID-848u-w88s-5bbe
21
vulnerability VCID-8jcy-3kje-fqeh
22
vulnerability VCID-94r9-hh4g-jkej
23
vulnerability VCID-953t-q1cr-zyd6
24
vulnerability VCID-9726-hafj-wkay
25
vulnerability VCID-9saf-w56y-pugz
26
vulnerability VCID-9yu1-z7c2-t3fj
27
vulnerability VCID-abjx-8v46-d7d8
28
vulnerability VCID-am6s-67bm-77dr
29
vulnerability VCID-bn3p-39sv-6fdg
30
vulnerability VCID-bq2j-t19h-zyad
31
vulnerability VCID-bstt-ybrs-5ua3
32
vulnerability VCID-buj5-2t53-3kcr
33
vulnerability VCID-d6c2-upx1-e7cd
34
vulnerability VCID-dsqm-9q3e-dudw
35
vulnerability VCID-e564-zdku-9fc6
36
vulnerability VCID-emqq-kwjg-3kfk
37
vulnerability VCID-eutz-mj58-audb
38
vulnerability VCID-ev4k-5k1d-2bhu
39
vulnerability VCID-f319-jpf5-hyex
40
vulnerability VCID-fdnw-2tz5-4fdr
41
vulnerability VCID-fh61-7rfy-s3hg
42
vulnerability VCID-fqkc-utex-3kav
43
vulnerability VCID-fqkx-v8t5-q3h6
44
vulnerability VCID-fut7-bb1f-37g7
45
vulnerability VCID-g7mm-vjbw-bbhd
46
vulnerability VCID-gk79-jtuz-myh6
47
vulnerability VCID-gpv4-4tpd-tbaa
48
vulnerability VCID-h217-xe8x-nua3
49
vulnerability VCID-h7cg-64er-uya9
50
vulnerability VCID-h7hf-sf2q-73ay
51
vulnerability VCID-hp99-ncuh-6ugv
52
vulnerability VCID-hsw8-nbs6-auaa
53
vulnerability VCID-hyx9-8ae6-sba8
54
vulnerability VCID-hzma-cduk-3uhp
55
vulnerability VCID-j8hk-bqnb-gycp
56
vulnerability VCID-j8sh-5evd-dkaz
57
vulnerability VCID-jeqr-9tfu-f7b2
58
vulnerability VCID-jmea-qzsr-wkf4
59
vulnerability VCID-jp1p-rfxa-hyd9
60
vulnerability VCID-jq5y-7h9g-mufa
61
vulnerability VCID-jqe4-8hzb-mfea
62
vulnerability VCID-jwb1-3sbg-kfa5
63
vulnerability VCID-k5t3-28es-h3ez
64
vulnerability VCID-khpm-e1xb-hydb
65
vulnerability VCID-ks1q-a8x2-uqht
66
vulnerability VCID-m3nc-xbb4-yubr
67
vulnerability VCID-mctp-nf36-7qdn
68
vulnerability VCID-njsj-bwjq-fyap
69
vulnerability VCID-nney-azbc-pucg
70
vulnerability VCID-nvbp-pbjw-3qgx
71
vulnerability VCID-p576-w7dd-p3h7
72
vulnerability VCID-p7gd-anw2-1qbz
73
vulnerability VCID-pmvp-twk2-jqe4
74
vulnerability VCID-q2ym-y2rz-1bdn
75
vulnerability VCID-q52p-xfj8-gygd
76
vulnerability VCID-q7vt-19eb-sqeq
77
vulnerability VCID-qcnh-z4zh-myaw
78
vulnerability VCID-qdxh-arxx-wbcr
79
vulnerability VCID-qxab-9uwr-yqhv
80
vulnerability VCID-rqrw-t2kj-mud8
81
vulnerability VCID-ru6w-m6q6-27gn
82
vulnerability VCID-sdjb-gp4t-vbgt
83
vulnerability VCID-sdsa-mh76-kqch
84
vulnerability VCID-sdz8-hju8-4bcb
85
vulnerability VCID-sy7r-d6pv-yba9
86
vulnerability VCID-teby-zvvw-zkhv
87
vulnerability VCID-tzpj-j3x1-ekgk
88
vulnerability VCID-u259-2sxq-tbct
89
vulnerability VCID-u5he-6tqb-gqaf
90
vulnerability VCID-u6as-cwxc-pkhk
91
vulnerability VCID-uq77-aax5-k7d8
92
vulnerability VCID-vq15-t92r-5bhx
93
vulnerability VCID-vw2r-g8yy-eyf4
94
vulnerability VCID-w483-prq4-rycx
95
vulnerability VCID-w58p-3wg1-7ycr
96
vulnerability VCID-wat8-4m83-hken
97
vulnerability VCID-wy45-2gmr-fkfg
98
vulnerability VCID-x175-xjek-97ds
99
vulnerability VCID-x5x1-w7yv-eye9
100
vulnerability VCID-xh68-defe-f7ce
101
vulnerability VCID-xpxg-qq49-b7fd
102
vulnerability VCID-xvyu-2hb8-8ufh
103
vulnerability VCID-xw1s-93bu-wuh9
104
vulnerability VCID-y7ds-p5r2-yuhq
105
vulnerability VCID-ygw4-jdqu-4fbt
106
vulnerability VCID-yh6b-tc4u-v3bk
107
vulnerability VCID-yn6z-9v7k-x7br
108
vulnerability VCID-yz6t-ge1y-qfgr
109
vulnerability VCID-zgfw-pk39-gyg8
110
vulnerability VCID-zmwv-gwq3-fkej
111
vulnerability VCID-zrz3-3dnf-tbay
112
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.1.1
aliases TYPO3-CORE-SA-2016-013
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhjv-nke2-2kf8
38
url VCID-njsj-bwjq-fyap
vulnerability_id VCID-njsj-bwjq-fyap
summary Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-002/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-002/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-953t-q1cr-zyd6
5
vulnerability VCID-dsqm-9q3e-dudw
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fdnw-2tz5-4fdr
8
vulnerability VCID-fqkx-v8t5-q3h6
9
vulnerability VCID-gpv4-4tpd-tbaa
10
vulnerability VCID-hp99-ncuh-6ugv
11
vulnerability VCID-hsw8-nbs6-auaa
12
vulnerability VCID-hyx9-8ae6-sba8
13
vulnerability VCID-jp1p-rfxa-hyd9
14
vulnerability VCID-jq5y-7h9g-mufa
15
vulnerability VCID-jwb1-3sbg-kfa5
16
vulnerability VCID-p576-w7dd-p3h7
17
vulnerability VCID-p7gd-anw2-1qbz
18
vulnerability VCID-teby-zvvw-zkhv
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-tzpj-j3x1-ekgk
21
vulnerability VCID-uq77-aax5-k7d8
22
vulnerability VCID-xvyu-2hb8-8ufh
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-yz6t-ge1y-qfgr
25
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-6a22-c7x5-sqe2
11
vulnerability VCID-7ch1-q9f4-a7bt
12
vulnerability VCID-7m6u-k5tp-gkhy
13
vulnerability VCID-848u-w88s-5bbe
14
vulnerability VCID-94r9-hh4g-jkej
15
vulnerability VCID-953t-q1cr-zyd6
16
vulnerability VCID-9yu1-z7c2-t3fj
17
vulnerability VCID-am6s-67bm-77dr
18
vulnerability VCID-bn3p-39sv-6fdg
19
vulnerability VCID-buj5-2t53-3kcr
20
vulnerability VCID-dsqm-9q3e-dudw
21
vulnerability VCID-emqq-kwjg-3kfk
22
vulnerability VCID-ev4k-5k1d-2bhu
23
vulnerability VCID-f319-jpf5-hyex
24
vulnerability VCID-fdnw-2tz5-4fdr
25
vulnerability VCID-fqkc-utex-3kav
26
vulnerability VCID-fqkx-v8t5-q3h6
27
vulnerability VCID-fut7-bb1f-37g7
28
vulnerability VCID-gpv4-4tpd-tbaa
29
vulnerability VCID-hp99-ncuh-6ugv
30
vulnerability VCID-hsw8-nbs6-auaa
31
vulnerability VCID-hyx9-8ae6-sba8
32
vulnerability VCID-j8hk-bqnb-gycp
33
vulnerability VCID-jp1p-rfxa-hyd9
34
vulnerability VCID-jq5y-7h9g-mufa
35
vulnerability VCID-jwb1-3sbg-kfa5
36
vulnerability VCID-k5t3-28es-h3ez
37
vulnerability VCID-khpm-e1xb-hydb
38
vulnerability VCID-nney-azbc-pucg
39
vulnerability VCID-p576-w7dd-p3h7
40
vulnerability VCID-p7gd-anw2-1qbz
41
vulnerability VCID-pmvp-twk2-jqe4
42
vulnerability VCID-q7vt-19eb-sqeq
43
vulnerability VCID-qdxh-arxx-wbcr
44
vulnerability VCID-qv14-m93d-jyd9
45
vulnerability VCID-qxab-9uwr-yqhv
46
vulnerability VCID-rqrw-t2kj-mud8
47
vulnerability VCID-ru6w-m6q6-27gn
48
vulnerability VCID-sdjb-gp4t-vbgt
49
vulnerability VCID-sdsa-mh76-kqch
50
vulnerability VCID-teby-zvvw-zkhv
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-uq77-aax5-k7d8
56
vulnerability VCID-vw2r-g8yy-eyf4
57
vulnerability VCID-w483-prq4-rycx
58
vulnerability VCID-wat8-4m83-hken
59
vulnerability VCID-x5x1-w7yv-eye9
60
vulnerability VCID-xvyu-2hb8-8ufh
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-yz6t-ge1y-qfgr
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zmwv-gwq3-fkej
67
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-6a22-c7x5-sqe2
16
vulnerability VCID-6mnf-2fcw-dqgp
17
vulnerability VCID-7ch1-q9f4-a7bt
18
vulnerability VCID-7m6u-k5tp-gkhy
19
vulnerability VCID-7xv1-78u7-xufp
20
vulnerability VCID-848u-w88s-5bbe
21
vulnerability VCID-8w4e-d49b-nbg8
22
vulnerability VCID-94r9-hh4g-jkej
23
vulnerability VCID-953t-q1cr-zyd6
24
vulnerability VCID-9adx-p876-kyb5
25
vulnerability VCID-9yu1-z7c2-t3fj
26
vulnerability VCID-a1g9-pyz5-9fca
27
vulnerability VCID-am6s-67bm-77dr
28
vulnerability VCID-bbh5-rss8-bfct
29
vulnerability VCID-buj5-2t53-3kcr
30
vulnerability VCID-cvk2-93hm-gkhx
31
vulnerability VCID-dsqm-9q3e-dudw
32
vulnerability VCID-e6zr-4bgg-kkh5
33
vulnerability VCID-emqq-kwjg-3kfk
34
vulnerability VCID-ev4k-5k1d-2bhu
35
vulnerability VCID-f319-jpf5-hyex
36
vulnerability VCID-f4n7-q72x-3yea
37
vulnerability VCID-fqkc-utex-3kav
38
vulnerability VCID-fqkx-v8t5-q3h6
39
vulnerability VCID-fut7-bb1f-37g7
40
vulnerability VCID-gpv4-4tpd-tbaa
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-hsw8-nbs6-auaa
43
vulnerability VCID-j8hk-bqnb-gycp
44
vulnerability VCID-jp1p-rfxa-hyd9
45
vulnerability VCID-jq5y-7h9g-mufa
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-n1gz-y615-cbbk
50
vulnerability VCID-nney-azbc-pucg
51
vulnerability VCID-p576-w7dd-p3h7
52
vulnerability VCID-p7gd-anw2-1qbz
53
vulnerability VCID-pmvp-twk2-jqe4
54
vulnerability VCID-q2t1-kx56-s3c3
55
vulnerability VCID-q7vt-19eb-sqeq
56
vulnerability VCID-qdxh-arxx-wbcr
57
vulnerability VCID-qv14-m93d-jyd9
58
vulnerability VCID-qxab-9uwr-yqhv
59
vulnerability VCID-rqrw-t2kj-mud8
60
vulnerability VCID-ru6w-m6q6-27gn
61
vulnerability VCID-sdjb-gp4t-vbgt
62
vulnerability VCID-sdsa-mh76-kqch
63
vulnerability VCID-teby-zvvw-zkhv
64
vulnerability VCID-tgyt-axv1-c7ag
65
vulnerability VCID-tzpj-j3x1-ekgk
66
vulnerability VCID-u259-2sxq-tbct
67
vulnerability VCID-u6as-cwxc-pkhk
68
vulnerability VCID-un7r-8sah-33cr
69
vulnerability VCID-uq77-aax5-k7d8
70
vulnerability VCID-vw2r-g8yy-eyf4
71
vulnerability VCID-w7z1-aw31-vugx
72
vulnerability VCID-wat8-4m83-hken
73
vulnerability VCID-x5x1-w7yv-eye9
74
vulnerability VCID-xvyu-2hb8-8ufh
75
vulnerability VCID-xw1s-93bu-wuh9
76
vulnerability VCID-y7ds-p5r2-yuhq
77
vulnerability VCID-yh6b-tc4u-v3bk
78
vulnerability VCID-yz6t-ge1y-qfgr
79
vulnerability VCID-zeut-9wfp-q7et
80
vulnerability VCID-zgfw-pk39-gyg8
81
vulnerability VCID-zkvq-bms4-gfcv
82
vulnerability VCID-zmwv-gwq3-fkej
83
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GMS-2018-94
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-njsj-bwjq-fyap
39
url VCID-p576-w7dd-p3h7
vulnerability_id VCID-p576-w7dd-p3h7
summary
TYPO3 Security Misconfiguration in Install Tool Cookie
It has been discovered that cookies created in the Install Tool are not hardened to be submitted only via HTTP. In combination with other vulnerabilities such as cross-site scripting it can lead to hijacking an active and valid session in the Install Tool.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-4.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-4.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/13328b0f74ac589a20b021db814dfa672581c26a
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/13328b0f74ac589a20b021db814dfa672581c26a
3
reference_url https://github.com/TYPO3/typo3/commit/918e50e4d20d88c7e40ad3bb134267d07706b0b1
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/918e50e4d20d88c7e40ad3bb134267d07706b0b1
4
reference_url https://github.com/TYPO3/typo3/commit/a5359491e3fb3164a6ba96a66c8e67fbb9971a4c
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/a5359491e3fb3164a6ba96a66c8e67fbb9971a4c
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-009
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-009
6
reference_url https://github.com/advisories/GHSA-f777-f784-36gm
reference_id GHSA-f777-f784-36gm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f777-f784-36gm
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-f777-f784-36gm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p576-w7dd-p3h7
40
url VCID-p7gd-anw2-1qbz
vulnerability_id VCID-p7gd-anw2-1qbz
summary
Deserialization of Untrusted Data
It has been discovered that the classes `QueryGenerator` and `QueryView` are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension `ext:lowlevel` (Backend Module `DB Check`) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension `ext:sys_action` installed, with a valid backend user who has limited privileges.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19849
reference_id
reference_type
scores
0
value 0.00746
scoring_system epss
scoring_elements 0.73456
published_at 2026-06-05T12:55:00Z
1
value 0.00746
scoring_system epss
scoring_elements 0.73462
published_at 2026-06-06T12:55:00Z
2
value 0.00746
scoring_system epss
scoring_elements 0.7342
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19849
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19849.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19849.yaml
3
reference_url https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252389005%2522+topic:security
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-026
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-026
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-026/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-026/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19849
reference_id CVE-2019-19849
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19849
7
reference_url https://github.com/advisories/GHSA-rcgc-4xfc-564v
reference_id GHSA-rcgc-4xfc-564v
reference_type
scores
url https://github.com/advisories/GHSA-rcgc-4xfc-564v
fixed_packages
0
url pkg:composer/typo3/cms@8.7.30
purl pkg:composer/typo3/cms@8.7.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-6a22-c7x5-sqe2
5
vulnerability VCID-848u-w88s-5bbe
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-hsw8-nbs6-auaa
9
vulnerability VCID-j8hk-bqnb-gycp
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-sdjb-gp4t-vbgt
12
vulnerability VCID-tgyt-axv1-c7ag
13
vulnerability VCID-tzpj-j3x1-ekgk
14
vulnerability VCID-uq77-aax5-k7d8
15
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30
1
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-1sfk-z8py-ykb8
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-4an7-9ph4-mkd4
6
vulnerability VCID-6a22-c7x5-sqe2
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-a1g9-pyz5-9fca
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-bcbd-zzet-mff6
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-hsw8-nbs6-auaa
17
vulnerability VCID-j8hk-bqnb-gycp
18
vulnerability VCID-jp1p-rfxa-hyd9
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-sdjb-gp4t-vbgt
21
vulnerability VCID-tgyt-axv1-c7ag
22
vulnerability VCID-tzpj-j3x1-ekgk
23
vulnerability VCID-un7r-8sah-33cr
24
vulnerability VCID-uq77-aax5-k7d8
25
vulnerability VCID-zkvq-bms4-gfcv
26
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
2
url pkg:composer/typo3/cms@10.2.1
purl pkg:composer/typo3/cms@10.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-2tz2-8qdm-2kcv
7
vulnerability VCID-36cz-khgc-6fft
8
vulnerability VCID-4an7-9ph4-mkd4
9
vulnerability VCID-6a22-c7x5-sqe2
10
vulnerability VCID-6hnx-p9hv-jbg2
11
vulnerability VCID-6mnf-2fcw-dqgp
12
vulnerability VCID-6urp-p9mn-cffv
13
vulnerability VCID-6xgm-uan4-u7fu
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-8w4e-d49b-nbg8
16
vulnerability VCID-9c49-n1a2-pubu
17
vulnerability VCID-a1g9-pyz5-9fca
18
vulnerability VCID-bbh5-rss8-bfct
19
vulnerability VCID-bcbd-zzet-mff6
20
vulnerability VCID-c46m-ht19-ybc4
21
vulnerability VCID-e4zc-fmh2-n7b8
22
vulnerability VCID-e6zr-4bgg-kkh5
23
vulnerability VCID-ev4k-5k1d-2bhu
24
vulnerability VCID-fqkx-v8t5-q3h6
25
vulnerability VCID-fyyr-48a7-8qch
26
vulnerability VCID-gbev-1zs8-8bac
27
vulnerability VCID-hsw8-nbs6-auaa
28
vulnerability VCID-j8hk-bqnb-gycp
29
vulnerability VCID-jp1p-rfxa-hyd9
30
vulnerability VCID-n1gz-y615-cbbk
31
vulnerability VCID-r3az-g422-gqf9
32
vulnerability VCID-sdjb-gp4t-vbgt
33
vulnerability VCID-tgyt-axv1-c7ag
34
vulnerability VCID-tzpj-j3x1-ekgk
35
vulnerability VCID-un7r-8sah-33cr
36
vulnerability VCID-uq77-aax5-k7d8
37
vulnerability VCID-x8qf-w4vq-mfhm
38
vulnerability VCID-x8tq-5na6-gfbj
39
vulnerability VCID-zkvq-bms4-gfcv
40
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.1
3
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-2tz2-8qdm-2kcv
7
vulnerability VCID-36cz-khgc-6fft
8
vulnerability VCID-4an7-9ph4-mkd4
9
vulnerability VCID-6a22-c7x5-sqe2
10
vulnerability VCID-6hnx-p9hv-jbg2
11
vulnerability VCID-6mnf-2fcw-dqgp
12
vulnerability VCID-6urp-p9mn-cffv
13
vulnerability VCID-6xgm-uan4-u7fu
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-8w4e-d49b-nbg8
16
vulnerability VCID-9c49-n1a2-pubu
17
vulnerability VCID-a1g9-pyz5-9fca
18
vulnerability VCID-bbh5-rss8-bfct
19
vulnerability VCID-bcbd-zzet-mff6
20
vulnerability VCID-c46m-ht19-ybc4
21
vulnerability VCID-e4zc-fmh2-n7b8
22
vulnerability VCID-e6zr-4bgg-kkh5
23
vulnerability VCID-ev4k-5k1d-2bhu
24
vulnerability VCID-fqkx-v8t5-q3h6
25
vulnerability VCID-fyyr-48a7-8qch
26
vulnerability VCID-gbev-1zs8-8bac
27
vulnerability VCID-hsw8-nbs6-auaa
28
vulnerability VCID-j8hk-bqnb-gycp
29
vulnerability VCID-jp1p-rfxa-hyd9
30
vulnerability VCID-n1gz-y615-cbbk
31
vulnerability VCID-r3az-g422-gqf9
32
vulnerability VCID-sdjb-gp4t-vbgt
33
vulnerability VCID-tgyt-axv1-c7ag
34
vulnerability VCID-tzpj-j3x1-ekgk
35
vulnerability VCID-un7r-8sah-33cr
36
vulnerability VCID-uq77-aax5-k7d8
37
vulnerability VCID-x8qf-w4vq-mfhm
38
vulnerability VCID-x8tq-5na6-gfbj
39
vulnerability VCID-zkvq-bms4-gfcv
40
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19849, GHSA-rcgc-4xfc-564v
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p7gd-anw2-1qbz
41
url VCID-q5f3-nhjn-hyb4
vulnerability_id VCID-q5f3-nhjn-hyb4
summary
Cross-site Scripting
Cross-Site Scripting exploitable by Editors.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004/
fixed_packages
0
url pkg:composer/typo3/cms@7.3.0
purl pkg:composer/typo3/cms@7.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-5ru2-1n1f-afa4
6
vulnerability VCID-66kh-c1dm-8fbf
7
vulnerability VCID-8jcy-3kje-fqeh
8
vulnerability VCID-953t-q1cr-zyd6
9
vulnerability VCID-9899-uxyb-73gg
10
vulnerability VCID-abjx-8v46-d7d8
11
vulnerability VCID-ansr-8m5j-pya6
12
vulnerability VCID-c57c-akce-xufq
13
vulnerability VCID-cgqm-1wwf-kbg6
14
vulnerability VCID-dsqm-9q3e-dudw
15
vulnerability VCID-dyhd-5p1e-fya6
16
vulnerability VCID-e1ms-4r4s-g7e7
17
vulnerability VCID-e2bk-pfbe-puek
18
vulnerability VCID-e82x-2cdb-7fgn
19
vulnerability VCID-ev4k-5k1d-2bhu
20
vulnerability VCID-fdnw-2tz5-4fdr
21
vulnerability VCID-fqkx-v8t5-q3h6
22
vulnerability VCID-gpv4-4tpd-tbaa
23
vulnerability VCID-hm4k-wbq3-r7ej
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-hsw8-nbs6-auaa
26
vulnerability VCID-hyx9-8ae6-sba8
27
vulnerability VCID-j6x1-dfre-2bdq
28
vulnerability VCID-jp1p-rfxa-hyd9
29
vulnerability VCID-jq5y-7h9g-mufa
30
vulnerability VCID-jwb1-3sbg-kfa5
31
vulnerability VCID-n18b-qe5x-z7cj
32
vulnerability VCID-nhjv-nke2-2kf8
33
vulnerability VCID-njsj-bwjq-fyap
34
vulnerability VCID-p576-w7dd-p3h7
35
vulnerability VCID-p7gd-anw2-1qbz
36
vulnerability VCID-qcnh-z4zh-myaw
37
vulnerability VCID-qek9-g3h8-nfdz
38
vulnerability VCID-rs13-zf7b-mka7
39
vulnerability VCID-teby-zvvw-zkhv
40
vulnerability VCID-tzpj-j3x1-ekgk
41
vulnerability VCID-u6h1-ccgw-jqds
42
vulnerability VCID-ub3e-hrb1-wqac
43
vulnerability VCID-uq77-aax5-k7d8
44
vulnerability VCID-vq15-t92r-5bhx
45
vulnerability VCID-w65h-8a9d-ckgj
46
vulnerability VCID-wms8-dnuz-b3hc
47
vulnerability VCID-xvyu-2hb8-8ufh
48
vulnerability VCID-xw1s-93bu-wuh9
49
vulnerability VCID-ys6f-g39p-fkfc
50
vulnerability VCID-yz6t-ge1y-qfgr
51
vulnerability VCID-zru2-9g25-77dc
52
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0
aliases GMS-2015-82
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q5f3-nhjn-hyb4
42
url VCID-qcnh-z4zh-myaw
vulnerability_id VCID-qcnh-z4zh-myaw
summary
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
Phar files (formerly known as "PHP archives") can act as self-extracting archives, so source code is executed when Phar files are invoked. The Phar file format is not tied to a dedicated file extension: "bundle.phar" is as valid as "bundle.txt". Phar files can therefore be disguised as image or text files, which would not be denied from being uploaded and persisted to a TYPO3 installation. Due to missing sanitization of user input, those Phar files can be invoked by manipulated URLs in TYPO3 backend forms. A valid backend user account is needed to exploit this vulnerability. In theory the attack vector would be possible in the TYPO3 frontend as well; however, no functional exploit has been identified so far.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-2.yaml
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-07-12-2.yaml
1
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-002
reference_id
reference_type
scores
0
value HIGH
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-002
2
reference_url https://github.com/advisories/GHSA-ppgf-8745-8pgx
reference_id GHSA-ppgf-8745-8pgx
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ppgf-8745-8pgx
fixed_packages
0
url pkg:composer/typo3/cms@7.6.30
purl pkg:composer/typo3/cms@7.6.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-953t-q1cr-zyd6
5
vulnerability VCID-dsqm-9q3e-dudw
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fdnw-2tz5-4fdr
8
vulnerability VCID-fqkx-v8t5-q3h6
9
vulnerability VCID-gpv4-4tpd-tbaa
10
vulnerability VCID-hp99-ncuh-6ugv
11
vulnerability VCID-hsw8-nbs6-auaa
12
vulnerability VCID-hyx9-8ae6-sba8
13
vulnerability VCID-jp1p-rfxa-hyd9
14
vulnerability VCID-jq5y-7h9g-mufa
15
vulnerability VCID-jwb1-3sbg-kfa5
16
vulnerability VCID-p576-w7dd-p3h7
17
vulnerability VCID-p7gd-anw2-1qbz
18
vulnerability VCID-teby-zvvw-zkhv
19
vulnerability VCID-tgyt-axv1-c7ag
20
vulnerability VCID-tzpj-j3x1-ekgk
21
vulnerability VCID-uq77-aax5-k7d8
22
vulnerability VCID-xvyu-2hb8-8ufh
23
vulnerability VCID-xw1s-93bu-wuh9
24
vulnerability VCID-yz6t-ge1y-qfgr
25
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.30
1
url pkg:composer/typo3/cms@8.7.17
purl pkg:composer/typo3/cms@8.7.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-6a22-c7x5-sqe2
11
vulnerability VCID-7ch1-q9f4-a7bt
12
vulnerability VCID-7m6u-k5tp-gkhy
13
vulnerability VCID-848u-w88s-5bbe
14
vulnerability VCID-94r9-hh4g-jkej
15
vulnerability VCID-953t-q1cr-zyd6
16
vulnerability VCID-9yu1-z7c2-t3fj
17
vulnerability VCID-am6s-67bm-77dr
18
vulnerability VCID-bn3p-39sv-6fdg
19
vulnerability VCID-buj5-2t53-3kcr
20
vulnerability VCID-dsqm-9q3e-dudw
21
vulnerability VCID-emqq-kwjg-3kfk
22
vulnerability VCID-ev4k-5k1d-2bhu
23
vulnerability VCID-f319-jpf5-hyex
24
vulnerability VCID-fdnw-2tz5-4fdr
25
vulnerability VCID-fqkc-utex-3kav
26
vulnerability VCID-fqkx-v8t5-q3h6
27
vulnerability VCID-fut7-bb1f-37g7
28
vulnerability VCID-gpv4-4tpd-tbaa
29
vulnerability VCID-hp99-ncuh-6ugv
30
vulnerability VCID-hsw8-nbs6-auaa
31
vulnerability VCID-hyx9-8ae6-sba8
32
vulnerability VCID-j8hk-bqnb-gycp
33
vulnerability VCID-jp1p-rfxa-hyd9
34
vulnerability VCID-jq5y-7h9g-mufa
35
vulnerability VCID-jwb1-3sbg-kfa5
36
vulnerability VCID-k5t3-28es-h3ez
37
vulnerability VCID-khpm-e1xb-hydb
38
vulnerability VCID-nney-azbc-pucg
39
vulnerability VCID-p576-w7dd-p3h7
40
vulnerability VCID-p7gd-anw2-1qbz
41
vulnerability VCID-pmvp-twk2-jqe4
42
vulnerability VCID-q7vt-19eb-sqeq
43
vulnerability VCID-qdxh-arxx-wbcr
44
vulnerability VCID-qv14-m93d-jyd9
45
vulnerability VCID-qxab-9uwr-yqhv
46
vulnerability VCID-rqrw-t2kj-mud8
47
vulnerability VCID-ru6w-m6q6-27gn
48
vulnerability VCID-sdjb-gp4t-vbgt
49
vulnerability VCID-sdsa-mh76-kqch
50
vulnerability VCID-teby-zvvw-zkhv
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-uq77-aax5-k7d8
56
vulnerability VCID-vw2r-g8yy-eyf4
57
vulnerability VCID-w483-prq4-rycx
58
vulnerability VCID-wat8-4m83-hken
59
vulnerability VCID-x5x1-w7yv-eye9
60
vulnerability VCID-xvyu-2hb8-8ufh
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-yz6t-ge1y-qfgr
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zmwv-gwq3-fkej
67
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.17
2
url pkg:composer/typo3/cms@9.3.2
purl pkg:composer/typo3/cms@9.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-6a22-c7x5-sqe2
16
vulnerability VCID-6mnf-2fcw-dqgp
17
vulnerability VCID-7ch1-q9f4-a7bt
18
vulnerability VCID-7m6u-k5tp-gkhy
19
vulnerability VCID-7xv1-78u7-xufp
20
vulnerability VCID-848u-w88s-5bbe
21
vulnerability VCID-8w4e-d49b-nbg8
22
vulnerability VCID-94r9-hh4g-jkej
23
vulnerability VCID-953t-q1cr-zyd6
24
vulnerability VCID-9adx-p876-kyb5
25
vulnerability VCID-9yu1-z7c2-t3fj
26
vulnerability VCID-a1g9-pyz5-9fca
27
vulnerability VCID-am6s-67bm-77dr
28
vulnerability VCID-bbh5-rss8-bfct
29
vulnerability VCID-buj5-2t53-3kcr
30
vulnerability VCID-cvk2-93hm-gkhx
31
vulnerability VCID-dsqm-9q3e-dudw
32
vulnerability VCID-e6zr-4bgg-kkh5
33
vulnerability VCID-emqq-kwjg-3kfk
34
vulnerability VCID-ev4k-5k1d-2bhu
35
vulnerability VCID-f319-jpf5-hyex
36
vulnerability VCID-f4n7-q72x-3yea
37
vulnerability VCID-fqkc-utex-3kav
38
vulnerability VCID-fqkx-v8t5-q3h6
39
vulnerability VCID-fut7-bb1f-37g7
40
vulnerability VCID-gpv4-4tpd-tbaa
41
vulnerability VCID-hp99-ncuh-6ugv
42
vulnerability VCID-hsw8-nbs6-auaa
43
vulnerability VCID-j8hk-bqnb-gycp
44
vulnerability VCID-jp1p-rfxa-hyd9
45
vulnerability VCID-jq5y-7h9g-mufa
46
vulnerability VCID-jwb1-3sbg-kfa5
47
vulnerability VCID-k5t3-28es-h3ez
48
vulnerability VCID-khpm-e1xb-hydb
49
vulnerability VCID-n1gz-y615-cbbk
50
vulnerability VCID-nney-azbc-pucg
51
vulnerability VCID-p576-w7dd-p3h7
52
vulnerability VCID-p7gd-anw2-1qbz
53
vulnerability VCID-pmvp-twk2-jqe4
54
vulnerability VCID-q2t1-kx56-s3c3
55
vulnerability VCID-q7vt-19eb-sqeq
56
vulnerability VCID-qdxh-arxx-wbcr
57
vulnerability VCID-qv14-m93d-jyd9
58
vulnerability VCID-qxab-9uwr-yqhv
59
vulnerability VCID-rqrw-t2kj-mud8
60
vulnerability VCID-ru6w-m6q6-27gn
61
vulnerability VCID-sdjb-gp4t-vbgt
62
vulnerability VCID-sdsa-mh76-kqch
63
vulnerability VCID-teby-zvvw-zkhv
64
vulnerability VCID-tgyt-axv1-c7ag
65
vulnerability VCID-tzpj-j3x1-ekgk
66
vulnerability VCID-u259-2sxq-tbct
67
vulnerability VCID-u6as-cwxc-pkhk
68
vulnerability VCID-un7r-8sah-33cr
69
vulnerability VCID-uq77-aax5-k7d8
70
vulnerability VCID-vw2r-g8yy-eyf4
71
vulnerability VCID-w7z1-aw31-vugx
72
vulnerability VCID-wat8-4m83-hken
73
vulnerability VCID-x5x1-w7yv-eye9
74
vulnerability VCID-xvyu-2hb8-8ufh
75
vulnerability VCID-xw1s-93bu-wuh9
76
vulnerability VCID-y7ds-p5r2-yuhq
77
vulnerability VCID-yh6b-tc4u-v3bk
78
vulnerability VCID-yz6t-ge1y-qfgr
79
vulnerability VCID-zeut-9wfp-q7et
80
vulnerability VCID-zgfw-pk39-gyg8
81
vulnerability VCID-zkvq-bms4-gfcv
82
vulnerability VCID-zmwv-gwq3-fkej
83
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.3.2
aliases GHSA-ppgf-8745-8pgx
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qcnh-z4zh-myaw
43
url VCID-qek9-g3h8-nfdz
vulnerability_id VCID-qek9-g3h8-nfdz
summary
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend
Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-1.yaml
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-12-15-1.yaml
1
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-011
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-011
2
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011
3
reference_url https://github.com/advisories/GHSA-5cxf-xx9j-54jc
reference_id GHSA-5cxf-xx9j-54jc
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5cxf-xx9j-54jc
fixed_packages
0
url pkg:composer/typo3/cms@7.6.1
purl pkg:composer/typo3/cms@7.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2r7u-mc45-8yhe
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-2vpx-fqb6-aqfa
5
vulnerability VCID-39jx-muqb-nkfq
6
vulnerability VCID-3ugj-6m1e-e3hr
7
vulnerability VCID-4wnp-gusy-43b8
8
vulnerability VCID-5dxs-cdht-27hw
9
vulnerability VCID-5hm4-ms5p-uuae
10
vulnerability VCID-5ppx-p8eq-mbgk
11
vulnerability VCID-5u2f-5zzf-j3e4
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-66ru-n2df-b3ay
14
vulnerability VCID-6su8-bbrw-hbhp
15
vulnerability VCID-727q-h3ey-6yc9
16
vulnerability VCID-8jcy-3kje-fqeh
17
vulnerability VCID-8p64-6zpt-t3av
18
vulnerability VCID-953t-q1cr-zyd6
19
vulnerability VCID-9726-hafj-wkay
20
vulnerability VCID-9saf-w56y-pugz
21
vulnerability VCID-abjx-8v46-d7d8
22
vulnerability VCID-bstt-ybrs-5ua3
23
vulnerability VCID-dd9u-w2y2-87h9
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-ekvp-u4kk-kqdd
27
vulnerability VCID-eutz-mj58-audb
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-exjy-5cyn-zfg1
30
vulnerability VCID-fdnw-2tz5-4fdr
31
vulnerability VCID-fgqa-5fx9-nkaz
32
vulnerability VCID-fh61-7rfy-s3hg
33
vulnerability VCID-fqkx-v8t5-q3h6
34
vulnerability VCID-g7mm-vjbw-bbhd
35
vulnerability VCID-g9ns-sxkx-aqh1
36
vulnerability VCID-gpv4-4tpd-tbaa
37
vulnerability VCID-h217-xe8x-nua3
38
vulnerability VCID-h7cg-64er-uya9
39
vulnerability VCID-h7hf-sf2q-73ay
40
vulnerability VCID-hp99-ncuh-6ugv
41
vulnerability VCID-hsw8-nbs6-auaa
42
vulnerability VCID-hyx9-8ae6-sba8
43
vulnerability VCID-hzma-cduk-3uhp
44
vulnerability VCID-j8sh-5evd-dkaz
45
vulnerability VCID-jenc-czvj-g3gw
46
vulnerability VCID-jeqr-9tfu-f7b2
47
vulnerability VCID-jf28-91be-6kbr
48
vulnerability VCID-jmea-qzsr-wkf4
49
vulnerability VCID-jn38-wfec-7bb2
50
vulnerability VCID-jp1p-rfxa-hyd9
51
vulnerability VCID-jq5y-7h9g-mufa
52
vulnerability VCID-jqe4-8hzb-mfea
53
vulnerability VCID-jwb1-3sbg-kfa5
54
vulnerability VCID-kp2p-nbmg-ufen
55
vulnerability VCID-ks1q-a8x2-uqht
56
vulnerability VCID-m3nc-xbb4-yubr
57
vulnerability VCID-mctp-nf36-7qdn
58
vulnerability VCID-nhjv-nke2-2kf8
59
vulnerability VCID-njsj-bwjq-fyap
60
vulnerability VCID-nvbp-pbjw-3qgx
61
vulnerability VCID-p576-w7dd-p3h7
62
vulnerability VCID-p7gd-anw2-1qbz
63
vulnerability VCID-qcnh-z4zh-myaw
64
vulnerability VCID-s97a-nmk8-y3ay
65
vulnerability VCID-sdz8-hju8-4bcb
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tgyt-axv1-c7ag
69
vulnerability VCID-tzpj-j3x1-ekgk
70
vulnerability VCID-u4tq-8qnk-5fd7
71
vulnerability VCID-u5he-6tqb-gqaf
72
vulnerability VCID-uq77-aax5-k7d8
73
vulnerability VCID-vq15-t92r-5bhx
74
vulnerability VCID-w58p-3wg1-7ycr
75
vulnerability VCID-x175-xjek-97ds
76
vulnerability VCID-xh68-defe-f7ce
77
vulnerability VCID-xpxg-qq49-b7fd
78
vulnerability VCID-xt7m-u9eb-fyd9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y1ap-y4az-x7ec
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yn6z-9v7k-x7br
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zrz3-3dnf-tbay
86
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1
aliases GHSA-5cxf-xx9j-54jc
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qek9-g3h8-nfdz
44
url VCID-rae3-cugy-hbh5
vulnerability_id VCID-rae3-cugy-hbh5
summary
Improper Access Control
Access bypass when editing file metadata.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002/
fixed_packages
0
url pkg:composer/typo3/cms@7.3.0
purl pkg:composer/typo3/cms@7.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-5ru2-1n1f-afa4
6
vulnerability VCID-66kh-c1dm-8fbf
7
vulnerability VCID-8jcy-3kje-fqeh
8
vulnerability VCID-953t-q1cr-zyd6
9
vulnerability VCID-9899-uxyb-73gg
10
vulnerability VCID-abjx-8v46-d7d8
11
vulnerability VCID-ansr-8m5j-pya6
12
vulnerability VCID-c57c-akce-xufq
13
vulnerability VCID-cgqm-1wwf-kbg6
14
vulnerability VCID-dsqm-9q3e-dudw
15
vulnerability VCID-dyhd-5p1e-fya6
16
vulnerability VCID-e1ms-4r4s-g7e7
17
vulnerability VCID-e2bk-pfbe-puek
18
vulnerability VCID-e82x-2cdb-7fgn
19
vulnerability VCID-ev4k-5k1d-2bhu
20
vulnerability VCID-fdnw-2tz5-4fdr
21
vulnerability VCID-fqkx-v8t5-q3h6
22
vulnerability VCID-gpv4-4tpd-tbaa
23
vulnerability VCID-hm4k-wbq3-r7ej
24
vulnerability VCID-hp99-ncuh-6ugv
25
vulnerability VCID-hsw8-nbs6-auaa
26
vulnerability VCID-hyx9-8ae6-sba8
27
vulnerability VCID-j6x1-dfre-2bdq
28
vulnerability VCID-jp1p-rfxa-hyd9
29
vulnerability VCID-jq5y-7h9g-mufa
30
vulnerability VCID-jwb1-3sbg-kfa5
31
vulnerability VCID-n18b-qe5x-z7cj
32
vulnerability VCID-nhjv-nke2-2kf8
33
vulnerability VCID-njsj-bwjq-fyap
34
vulnerability VCID-p576-w7dd-p3h7
35
vulnerability VCID-p7gd-anw2-1qbz
36
vulnerability VCID-qcnh-z4zh-myaw
37
vulnerability VCID-qek9-g3h8-nfdz
38
vulnerability VCID-rs13-zf7b-mka7
39
vulnerability VCID-teby-zvvw-zkhv
40
vulnerability VCID-tzpj-j3x1-ekgk
41
vulnerability VCID-u6h1-ccgw-jqds
42
vulnerability VCID-ub3e-hrb1-wqac
43
vulnerability VCID-uq77-aax5-k7d8
44
vulnerability VCID-vq15-t92r-5bhx
45
vulnerability VCID-w65h-8a9d-ckgj
46
vulnerability VCID-wms8-dnuz-b3hc
47
vulnerability VCID-xvyu-2hb8-8ufh
48
vulnerability VCID-xw1s-93bu-wuh9
49
vulnerability VCID-ys6f-g39p-fkfc
50
vulnerability VCID-yz6t-ge1y-qfgr
51
vulnerability VCID-zru2-9g25-77dc
52
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.0
aliases GMS-2015-80
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rae3-cugy-hbh5
45
url VCID-rs13-zf7b-mka7
vulnerability_id VCID-rs13-zf7b-mka7
summary
Typo3 XSS Vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2015-8755
reference_id
reference_type
scores
0
value 0.00222
scoring_system epss
scoring_elements 0.44816
published_at 2026-06-04T12:55:00Z
1
value 0.00222
scoring_system epss
scoring_elements 0.44893
published_at 2026-06-06T12:55:00Z
2
value 0.00222
scoring_system epss
scoring_elements 0.44886
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2015-8755
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-8755
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2015-8755
2
reference_url https://web.archive.org/web/20160621193435/http://www.securityfocus.com/bid/79236
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20160621193435/http://www.securityfocus.com/bid/79236
3
reference_url https://web.archive.org/web/20161012163838/http://www.securitytracker.com/id/1034483
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://web.archive.org/web/20161012163838/http://www.securitytracker.com/id/1034483
4
reference_url http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011
5
reference_url http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
reference_id
reference_type
scores
url http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
6
reference_url https://github.com/advisories/GHSA-56f9-5563-m2h7
reference_id GHSA-56f9-5563-m2h7
reference_type
scores
url https://github.com/advisories/GHSA-56f9-5563-m2h7
fixed_packages
0
url pkg:composer/typo3/cms@7.6.1
purl pkg:composer/typo3/cms@7.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2r7u-mc45-8yhe
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-2vpx-fqb6-aqfa
5
vulnerability VCID-39jx-muqb-nkfq
6
vulnerability VCID-3ugj-6m1e-e3hr
7
vulnerability VCID-4wnp-gusy-43b8
8
vulnerability VCID-5dxs-cdht-27hw
9
vulnerability VCID-5hm4-ms5p-uuae
10
vulnerability VCID-5ppx-p8eq-mbgk
11
vulnerability VCID-5u2f-5zzf-j3e4
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-66ru-n2df-b3ay
14
vulnerability VCID-6su8-bbrw-hbhp
15
vulnerability VCID-727q-h3ey-6yc9
16
vulnerability VCID-8jcy-3kje-fqeh
17
vulnerability VCID-8p64-6zpt-t3av
18
vulnerability VCID-953t-q1cr-zyd6
19
vulnerability VCID-9726-hafj-wkay
20
vulnerability VCID-9saf-w56y-pugz
21
vulnerability VCID-abjx-8v46-d7d8
22
vulnerability VCID-bstt-ybrs-5ua3
23
vulnerability VCID-dd9u-w2y2-87h9
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-ekvp-u4kk-kqdd
27
vulnerability VCID-eutz-mj58-audb
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-exjy-5cyn-zfg1
30
vulnerability VCID-fdnw-2tz5-4fdr
31
vulnerability VCID-fgqa-5fx9-nkaz
32
vulnerability VCID-fh61-7rfy-s3hg
33
vulnerability VCID-fqkx-v8t5-q3h6
34
vulnerability VCID-g7mm-vjbw-bbhd
35
vulnerability VCID-g9ns-sxkx-aqh1
36
vulnerability VCID-gpv4-4tpd-tbaa
37
vulnerability VCID-h217-xe8x-nua3
38
vulnerability VCID-h7cg-64er-uya9
39
vulnerability VCID-h7hf-sf2q-73ay
40
vulnerability VCID-hp99-ncuh-6ugv
41
vulnerability VCID-hsw8-nbs6-auaa
42
vulnerability VCID-hyx9-8ae6-sba8
43
vulnerability VCID-hzma-cduk-3uhp
44
vulnerability VCID-j8sh-5evd-dkaz
45
vulnerability VCID-jenc-czvj-g3gw
46
vulnerability VCID-jeqr-9tfu-f7b2
47
vulnerability VCID-jf28-91be-6kbr
48
vulnerability VCID-jmea-qzsr-wkf4
49
vulnerability VCID-jn38-wfec-7bb2
50
vulnerability VCID-jp1p-rfxa-hyd9
51
vulnerability VCID-jq5y-7h9g-mufa
52
vulnerability VCID-jqe4-8hzb-mfea
53
vulnerability VCID-jwb1-3sbg-kfa5
54
vulnerability VCID-kp2p-nbmg-ufen
55
vulnerability VCID-ks1q-a8x2-uqht
56
vulnerability VCID-m3nc-xbb4-yubr
57
vulnerability VCID-mctp-nf36-7qdn
58
vulnerability VCID-nhjv-nke2-2kf8
59
vulnerability VCID-njsj-bwjq-fyap
60
vulnerability VCID-nvbp-pbjw-3qgx
61
vulnerability VCID-p576-w7dd-p3h7
62
vulnerability VCID-p7gd-anw2-1qbz
63
vulnerability VCID-qcnh-z4zh-myaw
64
vulnerability VCID-s97a-nmk8-y3ay
65
vulnerability VCID-sdz8-hju8-4bcb
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tgyt-axv1-c7ag
69
vulnerability VCID-tzpj-j3x1-ekgk
70
vulnerability VCID-u4tq-8qnk-5fd7
71
vulnerability VCID-u5he-6tqb-gqaf
72
vulnerability VCID-uq77-aax5-k7d8
73
vulnerability VCID-vq15-t92r-5bhx
74
vulnerability VCID-w58p-3wg1-7ycr
75
vulnerability VCID-x175-xjek-97ds
76
vulnerability VCID-xh68-defe-f7ce
77
vulnerability VCID-xpxg-qq49-b7fd
78
vulnerability VCID-xt7m-u9eb-fyd9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y1ap-y4az-x7ec
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yn6z-9v7k-x7br
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zrz3-3dnf-tbay
86
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1
aliases CVE-2015-8755, GHSA-56f9-5563-m2h7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rs13-zf7b-mka7
46
url VCID-teby-zvvw-zkhv
vulnerability_id VCID-teby-zvvw-zkhv
summary
TYPO3 Cross-Site Scripting in Backend Modal Component
Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-2.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-2.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/02cd5c97228cba477d16c68e28309ce25c433ce9
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/02cd5c97228cba477d16c68e28309ce25c433ce9
3
reference_url https://github.com/TYPO3/typo3/commit/89a38ad0ef9411745954f53f29bea5b8ce81cd32
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/89a38ad0ef9411745954f53f29bea5b8ce81cd32
4
reference_url https://github.com/TYPO3/typo3/commit/c35646c3f7795a4a7b0046a88f146b490fa4883c
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/c35646c3f7795a4a7b0046a88f146b490fa4883c
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-007
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-007
6
reference_url https://github.com/advisories/GHSA-7q33-hxwj-7p8v
reference_id GHSA-7q33-hxwj-7p8v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7q33-hxwj-7p8v
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-7q33-hxwj-7p8v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-teby-zvvw-zkhv
47
url VCID-tzpj-j3x1-ekgk
vulnerability_id VCID-tzpj-j3x1-ekgk
summary
TYPO3 CMS vulnerable to User Enumeration via Response Timing
> ### Meta
> * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C` (4.9)

### Problem
It has been discovered that observing response time during user authentication (backend and frontend) can be used to distinguish between existing and non-existing user accounts.

Extension authors of 3rd party TYPO3 extensions providing a custom authentication service should check if the extension is affected by the described problem. Affected extensions must implement the new `MimicServiceInterface::mimicAuthUser`, which simulates the time regular processing would usually take.

### Solution
Update to TYPO3 versions 7.6.58 ELTS, 8.7.48 ELTS, 9.5.37 ELTS, 10.4.32 or 11.5.16, which fix the problem described above.

### Credits
Thanks to Vautia who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.

### References
* [TYPO3-CORE-SA-2022-007](https://typo3.org/security/advisory/typo3-core-sa-2022-007)
* [Vulnerability Report on huntr.dev](https://huntr.dev/bounties/7d519735-2877-4fad-bd77-accde3e290a7/) (embargoed +30 days)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
reference_id
reference_type
scores
0
value 0.00283
scoring_system epss
scoring_elements 0.52
published_at 2026-06-06T12:55:00Z
1
value 0.00283
scoring_system epss
scoring_elements 0.51991
published_at 2026-06-05T12:55:00Z
2
value 0.00283
scoring_system epss
scoring_elements 0.5193
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-36105
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-36105.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-36105.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/f0fc9c4cd7c38207c30dd158de53ee5d9d6f41a2
5
reference_url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/commit/f8b83ce15d4ea275a5a5e564e5d324242f7937b6
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-m392-235j-9r7r
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-36105
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-007
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:34Z/
url https://typo3.org/security/advisory/typo3-core-sa-2022-007
9
reference_url https://github.com/advisories/GHSA-m392-235j-9r7r
reference_id GHSA-m392-235j-9r7r
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m392-235j-9r7r
fixed_packages
0
url pkg:composer/typo3/cms@10.4.32
purl pkg:composer/typo3/cms@10.4.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-6a22-c7x5-sqe2
2
vulnerability VCID-6hnx-p9hv-jbg2
3
vulnerability VCID-6xgm-uan4-u7fu
4
vulnerability VCID-un7r-8sah-33cr
5
vulnerability VCID-x8qf-w4vq-mfhm
6
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.32
1
url pkg:composer/typo3/cms@11.5.16
purl pkg:composer/typo3/cms@11.5.16
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-6a22-c7x5-sqe2
2
vulnerability VCID-6hnx-p9hv-jbg2
3
vulnerability VCID-6xgm-uan4-u7fu
4
vulnerability VCID-un7r-8sah-33cr
5
vulnerability VCID-x8qf-w4vq-mfhm
6
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.16
aliases CVE-2022-36105, GHSA-m392-235j-9r7r
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzpj-j3x1-ekgk
48
url VCID-u6h1-ccgw-jqds
vulnerability_id VCID-u6h1-ccgw-jqds
summary
Cross-site Scripting
Multiple Cross-Site Scripting vulnerabilities in frontend.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.1
purl pkg:composer/typo3/cms@7.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2r7u-mc45-8yhe
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-2vpx-fqb6-aqfa
5
vulnerability VCID-39jx-muqb-nkfq
6
vulnerability VCID-3ugj-6m1e-e3hr
7
vulnerability VCID-4wnp-gusy-43b8
8
vulnerability VCID-5dxs-cdht-27hw
9
vulnerability VCID-5hm4-ms5p-uuae
10
vulnerability VCID-5ppx-p8eq-mbgk
11
vulnerability VCID-5u2f-5zzf-j3e4
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-66ru-n2df-b3ay
14
vulnerability VCID-6su8-bbrw-hbhp
15
vulnerability VCID-727q-h3ey-6yc9
16
vulnerability VCID-8jcy-3kje-fqeh
17
vulnerability VCID-8p64-6zpt-t3av
18
vulnerability VCID-953t-q1cr-zyd6
19
vulnerability VCID-9726-hafj-wkay
20
vulnerability VCID-9saf-w56y-pugz
21
vulnerability VCID-abjx-8v46-d7d8
22
vulnerability VCID-bstt-ybrs-5ua3
23
vulnerability VCID-dd9u-w2y2-87h9
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-ekvp-u4kk-kqdd
27
vulnerability VCID-eutz-mj58-audb
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-exjy-5cyn-zfg1
30
vulnerability VCID-fdnw-2tz5-4fdr
31
vulnerability VCID-fgqa-5fx9-nkaz
32
vulnerability VCID-fh61-7rfy-s3hg
33
vulnerability VCID-fqkx-v8t5-q3h6
34
vulnerability VCID-g7mm-vjbw-bbhd
35
vulnerability VCID-g9ns-sxkx-aqh1
36
vulnerability VCID-gpv4-4tpd-tbaa
37
vulnerability VCID-h217-xe8x-nua3
38
vulnerability VCID-h7cg-64er-uya9
39
vulnerability VCID-h7hf-sf2q-73ay
40
vulnerability VCID-hp99-ncuh-6ugv
41
vulnerability VCID-hsw8-nbs6-auaa
42
vulnerability VCID-hyx9-8ae6-sba8
43
vulnerability VCID-hzma-cduk-3uhp
44
vulnerability VCID-j8sh-5evd-dkaz
45
vulnerability VCID-jenc-czvj-g3gw
46
vulnerability VCID-jeqr-9tfu-f7b2
47
vulnerability VCID-jf28-91be-6kbr
48
vulnerability VCID-jmea-qzsr-wkf4
49
vulnerability VCID-jn38-wfec-7bb2
50
vulnerability VCID-jp1p-rfxa-hyd9
51
vulnerability VCID-jq5y-7h9g-mufa
52
vulnerability VCID-jqe4-8hzb-mfea
53
vulnerability VCID-jwb1-3sbg-kfa5
54
vulnerability VCID-kp2p-nbmg-ufen
55
vulnerability VCID-ks1q-a8x2-uqht
56
vulnerability VCID-m3nc-xbb4-yubr
57
vulnerability VCID-mctp-nf36-7qdn
58
vulnerability VCID-nhjv-nke2-2kf8
59
vulnerability VCID-njsj-bwjq-fyap
60
vulnerability VCID-nvbp-pbjw-3qgx
61
vulnerability VCID-p576-w7dd-p3h7
62
vulnerability VCID-p7gd-anw2-1qbz
63
vulnerability VCID-qcnh-z4zh-myaw
64
vulnerability VCID-s97a-nmk8-y3ay
65
vulnerability VCID-sdz8-hju8-4bcb
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tgyt-axv1-c7ag
69
vulnerability VCID-tzpj-j3x1-ekgk
70
vulnerability VCID-u4tq-8qnk-5fd7
71
vulnerability VCID-u5he-6tqb-gqaf
72
vulnerability VCID-uq77-aax5-k7d8
73
vulnerability VCID-vq15-t92r-5bhx
74
vulnerability VCID-w58p-3wg1-7ycr
75
vulnerability VCID-x175-xjek-97ds
76
vulnerability VCID-xh68-defe-f7ce
77
vulnerability VCID-xpxg-qq49-b7fd
78
vulnerability VCID-xt7m-u9eb-fyd9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y1ap-y4az-x7ec
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yn6z-9v7k-x7br
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zrz3-3dnf-tbay
86
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1
aliases GMS-2015-89
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u6h1-ccgw-jqds
49
url VCID-ub3e-hrb1-wqac
vulnerability_id VCID-ub3e-hrb1-wqac
summary
Multiple Cross-Site Scripting vulnerabilities in frontend
Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-013/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.1
purl pkg:composer/typo3/cms@7.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2r7u-mc45-8yhe
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-2vpx-fqb6-aqfa
5
vulnerability VCID-39jx-muqb-nkfq
6
vulnerability VCID-3ugj-6m1e-e3hr
7
vulnerability VCID-4wnp-gusy-43b8
8
vulnerability VCID-5dxs-cdht-27hw
9
vulnerability VCID-5hm4-ms5p-uuae
10
vulnerability VCID-5ppx-p8eq-mbgk
11
vulnerability VCID-5u2f-5zzf-j3e4
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-66ru-n2df-b3ay
14
vulnerability VCID-6su8-bbrw-hbhp
15
vulnerability VCID-727q-h3ey-6yc9
16
vulnerability VCID-8jcy-3kje-fqeh
17
vulnerability VCID-8p64-6zpt-t3av
18
vulnerability VCID-953t-q1cr-zyd6
19
vulnerability VCID-9726-hafj-wkay
20
vulnerability VCID-9saf-w56y-pugz
21
vulnerability VCID-abjx-8v46-d7d8
22
vulnerability VCID-bstt-ybrs-5ua3
23
vulnerability VCID-dd9u-w2y2-87h9
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-ekvp-u4kk-kqdd
27
vulnerability VCID-eutz-mj58-audb
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-exjy-5cyn-zfg1
30
vulnerability VCID-fdnw-2tz5-4fdr
31
vulnerability VCID-fgqa-5fx9-nkaz
32
vulnerability VCID-fh61-7rfy-s3hg
33
vulnerability VCID-fqkx-v8t5-q3h6
34
vulnerability VCID-g7mm-vjbw-bbhd
35
vulnerability VCID-g9ns-sxkx-aqh1
36
vulnerability VCID-gpv4-4tpd-tbaa
37
vulnerability VCID-h217-xe8x-nua3
38
vulnerability VCID-h7cg-64er-uya9
39
vulnerability VCID-h7hf-sf2q-73ay
40
vulnerability VCID-hp99-ncuh-6ugv
41
vulnerability VCID-hsw8-nbs6-auaa
42
vulnerability VCID-hyx9-8ae6-sba8
43
vulnerability VCID-hzma-cduk-3uhp
44
vulnerability VCID-j8sh-5evd-dkaz
45
vulnerability VCID-jenc-czvj-g3gw
46
vulnerability VCID-jeqr-9tfu-f7b2
47
vulnerability VCID-jf28-91be-6kbr
48
vulnerability VCID-jmea-qzsr-wkf4
49
vulnerability VCID-jn38-wfec-7bb2
50
vulnerability VCID-jp1p-rfxa-hyd9
51
vulnerability VCID-jq5y-7h9g-mufa
52
vulnerability VCID-jqe4-8hzb-mfea
53
vulnerability VCID-jwb1-3sbg-kfa5
54
vulnerability VCID-kp2p-nbmg-ufen
55
vulnerability VCID-ks1q-a8x2-uqht
56
vulnerability VCID-m3nc-xbb4-yubr
57
vulnerability VCID-mctp-nf36-7qdn
58
vulnerability VCID-nhjv-nke2-2kf8
59
vulnerability VCID-njsj-bwjq-fyap
60
vulnerability VCID-nvbp-pbjw-3qgx
61
vulnerability VCID-p576-w7dd-p3h7
62
vulnerability VCID-p7gd-anw2-1qbz
63
vulnerability VCID-qcnh-z4zh-myaw
64
vulnerability VCID-s97a-nmk8-y3ay
65
vulnerability VCID-sdz8-hju8-4bcb
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tgyt-axv1-c7ag
69
vulnerability VCID-tzpj-j3x1-ekgk
70
vulnerability VCID-u4tq-8qnk-5fd7
71
vulnerability VCID-u5he-6tqb-gqaf
72
vulnerability VCID-uq77-aax5-k7d8
73
vulnerability VCID-vq15-t92r-5bhx
74
vulnerability VCID-w58p-3wg1-7ycr
75
vulnerability VCID-x175-xjek-97ds
76
vulnerability VCID-xh68-defe-f7ce
77
vulnerability VCID-xpxg-qq49-b7fd
78
vulnerability VCID-xt7m-u9eb-fyd9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y1ap-y4az-x7ec
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yn6z-9v7k-x7br
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zrz3-3dnf-tbay
86
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1
aliases TYPO3-CORE-SA-2015-013
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ub3e-hrb1-wqac
50
url VCID-uq77-aax5-k7d8
vulnerability_id VCID-uq77-aax5-k7d8
summary
Inclusion of Sensitive Information in Log Files
TYPO3 is an open source PHP-based web content management system. User credentials may have been logged as plain text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 contains a patch for this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32767
reference_id
reference_type
scores
0
value 0.00327
scoring_system epss
scoring_elements 0.55909
published_at 2026-06-04T12:55:00Z
1
value 0.00327
scoring_system epss
scoring_elements 0.5597
published_at 2026-06-06T12:55:00Z
2
value 0.00327
scoring_system epss
scoring_elements 0.55964
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32767
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32767.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2021-32767.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32767.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2021-32767.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-34fr-fhqr-7235
5
reference_url https://github.com/TYPO3/typo3/commit/0b4950163b8919451964133febc65bcdfcec721c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/0b4950163b8919451964133febc65bcdfcec721c
6
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-34fr-fhqr-7235
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/security/advisories/GHSA-34fr-fhqr-7235
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-012
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-012
8
reference_url https://typo3.org/security/advisory/typo3-core-sa-2021-013
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2021-013
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32767
reference_id CVE-2021-32767
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32767
fixed_packages
0
url pkg:composer/typo3/cms@9.5.28
purl pkg:composer/typo3/cms@9.5.28
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-6a22-c7x5-sqe2
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-j8hk-bqnb-gycp
6
vulnerability VCID-sdjb-gp4t-vbgt
7
vulnerability VCID-tzpj-j3x1-ekgk
8
vulnerability VCID-un7r-8sah-33cr
9
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.28
1
url pkg:composer/typo3/cms@10.4.18
purl pkg:composer/typo3/cms@10.4.18
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-e4zc-fmh2-n7b8
10
vulnerability VCID-fyyr-48a7-8qch
11
vulnerability VCID-gbev-1zs8-8bac
12
vulnerability VCID-hsw8-nbs6-auaa
13
vulnerability VCID-tzpj-j3x1-ekgk
14
vulnerability VCID-un7r-8sah-33cr
15
vulnerability VCID-x8qf-w4vq-mfhm
16
vulnerability VCID-x8tq-5na6-gfbj
17
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.18
2
url pkg:composer/typo3/cms@11.3.1
purl pkg:composer/typo3/cms@11.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-36cz-khgc-6fft
5
vulnerability VCID-6a22-c7x5-sqe2
6
vulnerability VCID-6hnx-p9hv-jbg2
7
vulnerability VCID-6xgm-uan4-u7fu
8
vulnerability VCID-9c49-n1a2-pubu
9
vulnerability VCID-b9sw-6tzm-3yhj
10
vulnerability VCID-e4zc-fmh2-n7b8
11
vulnerability VCID-fsx8-7qjz-2ubw
12
vulnerability VCID-fyyr-48a7-8qch
13
vulnerability VCID-gbev-1zs8-8bac
14
vulnerability VCID-hsw8-nbs6-auaa
15
vulnerability VCID-tzpj-j3x1-ekgk
16
vulnerability VCID-un7r-8sah-33cr
17
vulnerability VCID-x8qf-w4vq-mfhm
18
vulnerability VCID-x8tq-5na6-gfbj
19
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.3.1
aliases CVE-2021-32767, GHSA-34fr-fhqr-7235
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uq77-aax5-k7d8
51
url VCID-vq15-t92r-5bhx
vulnerability_id VCID-vq15-t92r-5bhx
summary
Cross-site Scripting
The page module in TYPO3 is vulnerable to XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`, as demonstrated by an admin entering a crafted site name during the installation process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-6905
reference_id
reference_type
scores
0
value 0.02274
scoring_system epss
scoring_elements 0.84989
published_at 2026-06-06T12:55:00Z
1
value 0.02274
scoring_system epss
scoring_elements 0.84984
published_at 2026-06-05T12:55:00Z
2
value 0.02274
scoring_system epss
scoring_elements 0.8496
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-6905
1
reference_url https://forge.typo3.org/issues/84191
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://forge.typo3.org/issues/84191
2
reference_url https://github.com/pradeepjairamani/TYPO3-XSS-POC
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pradeepjairamani/TYPO3-XSS-POC
3
reference_url https://github.com/TYPO3/typo3/commit/d2c0ea7db3b31a796a82f9d39f77f9983beb7c35
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d2c0ea7db3b31a796a82f9d39f77f9983beb7c35
4
reference_url http://www.securitytracker.com/id/1040755
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://www.securitytracker.com/id/1040755
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-6905
reference_id CVE-2018-6905
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-6905
fixed_packages
0
url pkg:composer/typo3/cms@8.7.11
purl pkg:composer/typo3/cms@8.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-28fn-ncj5-2ufk
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3ugj-6m1e-e3hr
8
vulnerability VCID-4eym-e6vt-8fbs
9
vulnerability VCID-5k47-9k7t-rqak
10
vulnerability VCID-66kh-c1dm-8fbf
11
vulnerability VCID-6a22-c7x5-sqe2
12
vulnerability VCID-7ch1-q9f4-a7bt
13
vulnerability VCID-7m6u-k5tp-gkhy
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-94r9-hh4g-jkej
16
vulnerability VCID-953t-q1cr-zyd6
17
vulnerability VCID-9yu1-z7c2-t3fj
18
vulnerability VCID-abjx-8v46-d7d8
19
vulnerability VCID-am6s-67bm-77dr
20
vulnerability VCID-bn3p-39sv-6fdg
21
vulnerability VCID-buj5-2t53-3kcr
22
vulnerability VCID-dsqm-9q3e-dudw
23
vulnerability VCID-emqq-kwjg-3kfk
24
vulnerability VCID-ev4k-5k1d-2bhu
25
vulnerability VCID-f319-jpf5-hyex
26
vulnerability VCID-fdnw-2tz5-4fdr
27
vulnerability VCID-fpa2-ffg1-fyaa
28
vulnerability VCID-fqkc-utex-3kav
29
vulnerability VCID-fqkx-v8t5-q3h6
30
vulnerability VCID-fut7-bb1f-37g7
31
vulnerability VCID-gpv4-4tpd-tbaa
32
vulnerability VCID-hknp-f88a-kqec
33
vulnerability VCID-hp99-ncuh-6ugv
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-hyx9-8ae6-sba8
36
vulnerability VCID-j8hk-bqnb-gycp
37
vulnerability VCID-je4q-svfw-hqda
38
vulnerability VCID-jp1p-rfxa-hyd9
39
vulnerability VCID-jq5y-7h9g-mufa
40
vulnerability VCID-jwb1-3sbg-kfa5
41
vulnerability VCID-k5t3-28es-h3ez
42
vulnerability VCID-khpm-e1xb-hydb
43
vulnerability VCID-njsj-bwjq-fyap
44
vulnerability VCID-nney-azbc-pucg
45
vulnerability VCID-p576-w7dd-p3h7
46
vulnerability VCID-p7gd-anw2-1qbz
47
vulnerability VCID-pmvp-twk2-jqe4
48
vulnerability VCID-q7vt-19eb-sqeq
49
vulnerability VCID-qcnh-z4zh-myaw
50
vulnerability VCID-qdxh-arxx-wbcr
51
vulnerability VCID-qv14-m93d-jyd9
52
vulnerability VCID-qxab-9uwr-yqhv
53
vulnerability VCID-rqrw-t2kj-mud8
54
vulnerability VCID-ru6w-m6q6-27gn
55
vulnerability VCID-sdjb-gp4t-vbgt
56
vulnerability VCID-sdsa-mh76-kqch
57
vulnerability VCID-teby-zvvw-zkhv
58
vulnerability VCID-tgyt-axv1-c7ag
59
vulnerability VCID-tzpj-j3x1-ekgk
60
vulnerability VCID-u259-2sxq-tbct
61
vulnerability VCID-u6as-cwxc-pkhk
62
vulnerability VCID-uq77-aax5-k7d8
63
vulnerability VCID-vw2r-g8yy-eyf4
64
vulnerability VCID-w1wb-mq2y-dfca
65
vulnerability VCID-w483-prq4-rycx
66
vulnerability VCID-wat8-4m83-hken
67
vulnerability VCID-x5x1-w7yv-eye9
68
vulnerability VCID-xvyu-2hb8-8ufh
69
vulnerability VCID-xw1s-93bu-wuh9
70
vulnerability VCID-y7ds-p5r2-yuhq
71
vulnerability VCID-yh6b-tc4u-v3bk
72
vulnerability VCID-yz6t-ge1y-qfgr
73
vulnerability VCID-zgfw-pk39-gyg8
74
vulnerability VCID-zmwv-gwq3-fkej
75
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.11
1
url pkg:composer/typo3/cms@9.1.0
purl pkg:composer/typo3/cms@9.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-66kh-c1dm-8fbf
16
vulnerability VCID-6a22-c7x5-sqe2
17
vulnerability VCID-6mnf-2fcw-dqgp
18
vulnerability VCID-7ch1-q9f4-a7bt
19
vulnerability VCID-7m6u-k5tp-gkhy
20
vulnerability VCID-7xv1-78u7-xufp
21
vulnerability VCID-848u-w88s-5bbe
22
vulnerability VCID-8w4e-d49b-nbg8
23
vulnerability VCID-94r9-hh4g-jkej
24
vulnerability VCID-953t-q1cr-zyd6
25
vulnerability VCID-9adx-p876-kyb5
26
vulnerability VCID-9yu1-z7c2-t3fj
27
vulnerability VCID-a1g9-pyz5-9fca
28
vulnerability VCID-abjx-8v46-d7d8
29
vulnerability VCID-am6s-67bm-77dr
30
vulnerability VCID-bbh5-rss8-bfct
31
vulnerability VCID-buj5-2t53-3kcr
32
vulnerability VCID-cvk2-93hm-gkhx
33
vulnerability VCID-dsqm-9q3e-dudw
34
vulnerability VCID-e6zr-4bgg-kkh5
35
vulnerability VCID-emqq-kwjg-3kfk
36
vulnerability VCID-ev4k-5k1d-2bhu
37
vulnerability VCID-f319-jpf5-hyex
38
vulnerability VCID-f4n7-q72x-3yea
39
vulnerability VCID-fpa2-ffg1-fyaa
40
vulnerability VCID-fqkc-utex-3kav
41
vulnerability VCID-fqkx-v8t5-q3h6
42
vulnerability VCID-fut7-bb1f-37g7
43
vulnerability VCID-gpv4-4tpd-tbaa
44
vulnerability VCID-hknp-f88a-kqec
45
vulnerability VCID-hp99-ncuh-6ugv
46
vulnerability VCID-hsw8-nbs6-auaa
47
vulnerability VCID-j8hk-bqnb-gycp
48
vulnerability VCID-je4q-svfw-hqda
49
vulnerability VCID-jp1p-rfxa-hyd9
50
vulnerability VCID-jq5y-7h9g-mufa
51
vulnerability VCID-jwb1-3sbg-kfa5
52
vulnerability VCID-k5t3-28es-h3ez
53
vulnerability VCID-khpm-e1xb-hydb
54
vulnerability VCID-n1gz-y615-cbbk
55
vulnerability VCID-njsj-bwjq-fyap
56
vulnerability VCID-nney-azbc-pucg
57
vulnerability VCID-p576-w7dd-p3h7
58
vulnerability VCID-p7gd-anw2-1qbz
59
vulnerability VCID-pmvp-twk2-jqe4
60
vulnerability VCID-q2t1-kx56-s3c3
61
vulnerability VCID-q7vt-19eb-sqeq
62
vulnerability VCID-qcnh-z4zh-myaw
63
vulnerability VCID-qdxh-arxx-wbcr
64
vulnerability VCID-qv14-m93d-jyd9
65
vulnerability VCID-qxab-9uwr-yqhv
66
vulnerability VCID-rqrw-t2kj-mud8
67
vulnerability VCID-ru6w-m6q6-27gn
68
vulnerability VCID-sdjb-gp4t-vbgt
69
vulnerability VCID-sdsa-mh76-kqch
70
vulnerability VCID-teby-zvvw-zkhv
71
vulnerability VCID-tgyt-axv1-c7ag
72
vulnerability VCID-tzpj-j3x1-ekgk
73
vulnerability VCID-u259-2sxq-tbct
74
vulnerability VCID-u6as-cwxc-pkhk
75
vulnerability VCID-un7r-8sah-33cr
76
vulnerability VCID-uq77-aax5-k7d8
77
vulnerability VCID-vw2r-g8yy-eyf4
78
vulnerability VCID-w1wb-mq2y-dfca
79
vulnerability VCID-w7z1-aw31-vugx
80
vulnerability VCID-wat8-4m83-hken
81
vulnerability VCID-x5x1-w7yv-eye9
82
vulnerability VCID-xvyu-2hb8-8ufh
83
vulnerability VCID-xw1s-93bu-wuh9
84
vulnerability VCID-y7ds-p5r2-yuhq
85
vulnerability VCID-yh6b-tc4u-v3bk
86
vulnerability VCID-yz6t-ge1y-qfgr
87
vulnerability VCID-zeut-9wfp-q7et
88
vulnerability VCID-zgfw-pk39-gyg8
89
vulnerability VCID-zkvq-bms4-gfcv
90
vulnerability VCID-zmwv-gwq3-fkej
91
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.1.0
2
url pkg:composer/typo3/cms@9.2.0
purl pkg:composer/typo3/cms@9.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-28fn-ncj5-2ufk
5
vulnerability VCID-2rhr-8vaz-hqfj
6
vulnerability VCID-2rmv-a83x-9ka8
7
vulnerability VCID-39vn-73mc-jqav
8
vulnerability VCID-3k2k-a3gb-n3ba
9
vulnerability VCID-3ugj-6m1e-e3hr
10
vulnerability VCID-3ye6-vqje-abh4
11
vulnerability VCID-4an7-9ph4-mkd4
12
vulnerability VCID-4eym-e6vt-8fbs
13
vulnerability VCID-4jck-w9ct-budk
14
vulnerability VCID-5k47-9k7t-rqak
15
vulnerability VCID-66kh-c1dm-8fbf
16
vulnerability VCID-6a22-c7x5-sqe2
17
vulnerability VCID-6mnf-2fcw-dqgp
18
vulnerability VCID-7ch1-q9f4-a7bt
19
vulnerability VCID-7m6u-k5tp-gkhy
20
vulnerability VCID-7xv1-78u7-xufp
21
vulnerability VCID-848u-w88s-5bbe
22
vulnerability VCID-8w4e-d49b-nbg8
23
vulnerability VCID-94r9-hh4g-jkej
24
vulnerability VCID-953t-q1cr-zyd6
25
vulnerability VCID-9adx-p876-kyb5
26
vulnerability VCID-9yu1-z7c2-t3fj
27
vulnerability VCID-a1g9-pyz5-9fca
28
vulnerability VCID-abjx-8v46-d7d8
29
vulnerability VCID-am6s-67bm-77dr
30
vulnerability VCID-bbh5-rss8-bfct
31
vulnerability VCID-buj5-2t53-3kcr
32
vulnerability VCID-cvk2-93hm-gkhx
33
vulnerability VCID-dsqm-9q3e-dudw
34
vulnerability VCID-e6zr-4bgg-kkh5
35
vulnerability VCID-emqq-kwjg-3kfk
36
vulnerability VCID-ev4k-5k1d-2bhu
37
vulnerability VCID-f319-jpf5-hyex
38
vulnerability VCID-f4n7-q72x-3yea
39
vulnerability VCID-fpa2-ffg1-fyaa
40
vulnerability VCID-fqkc-utex-3kav
41
vulnerability VCID-fqkx-v8t5-q3h6
42
vulnerability VCID-fut7-bb1f-37g7
43
vulnerability VCID-gpv4-4tpd-tbaa
44
vulnerability VCID-hknp-f88a-kqec
45
vulnerability VCID-hp99-ncuh-6ugv
46
vulnerability VCID-hsw8-nbs6-auaa
47
vulnerability VCID-j8hk-bqnb-gycp
48
vulnerability VCID-je4q-svfw-hqda
49
vulnerability VCID-jp1p-rfxa-hyd9
50
vulnerability VCID-jq5y-7h9g-mufa
51
vulnerability VCID-jwb1-3sbg-kfa5
52
vulnerability VCID-k5t3-28es-h3ez
53
vulnerability VCID-khpm-e1xb-hydb
54
vulnerability VCID-n1gz-y615-cbbk
55
vulnerability VCID-njsj-bwjq-fyap
56
vulnerability VCID-nney-azbc-pucg
57
vulnerability VCID-p576-w7dd-p3h7
58
vulnerability VCID-p7gd-anw2-1qbz
59
vulnerability VCID-pmvp-twk2-jqe4
60
vulnerability VCID-q2t1-kx56-s3c3
61
vulnerability VCID-q7vt-19eb-sqeq
62
vulnerability VCID-qcnh-z4zh-myaw
63
vulnerability VCID-qdxh-arxx-wbcr
64
vulnerability VCID-qv14-m93d-jyd9
65
vulnerability VCID-qxab-9uwr-yqhv
66
vulnerability VCID-rqrw-t2kj-mud8
67
vulnerability VCID-ru6w-m6q6-27gn
68
vulnerability VCID-sdjb-gp4t-vbgt
69
vulnerability VCID-sdsa-mh76-kqch
70
vulnerability VCID-teby-zvvw-zkhv
71
vulnerability VCID-tgyt-axv1-c7ag
72
vulnerability VCID-tzpj-j3x1-ekgk
73
vulnerability VCID-u259-2sxq-tbct
74
vulnerability VCID-u6as-cwxc-pkhk
75
vulnerability VCID-un7r-8sah-33cr
76
vulnerability VCID-uq77-aax5-k7d8
77
vulnerability VCID-vw2r-g8yy-eyf4
78
vulnerability VCID-w1wb-mq2y-dfca
79
vulnerability VCID-w7z1-aw31-vugx
80
vulnerability VCID-wat8-4m83-hken
81
vulnerability VCID-x5x1-w7yv-eye9
82
vulnerability VCID-xvyu-2hb8-8ufh
83
vulnerability VCID-xw1s-93bu-wuh9
84
vulnerability VCID-y7ds-p5r2-yuhq
85
vulnerability VCID-yh6b-tc4u-v3bk
86
vulnerability VCID-yz6t-ge1y-qfgr
87
vulnerability VCID-zeut-9wfp-q7et
88
vulnerability VCID-zgfw-pk39-gyg8
89
vulnerability VCID-zkvq-bms4-gfcv
90
vulnerability VCID-zmwv-gwq3-fkej
91
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.2.0
aliases CVE-2018-6905, GHSA-3w22-wrwx-2r75
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vq15-t92r-5bhx
52
url VCID-w65h-8a9d-ckgj
vulnerability_id VCID-w65h-8a9d-ckgj
summary
TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors
It has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability.

A second and separate vulnerability in the filelist module of the backend user interface has been referenced with this advisory as well. Error messages shown after using a malicious name for renaming a file are not properly encoded and are thus vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-3.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/7695d91fca1a96a3a3e7466097ae92c32b1130d8
3
reference_url https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d7feb40c8d277c6b6ab3a548313be1e1a2084299
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-004
5
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-004
6
reference_url https://github.com/advisories/GHSA-wp8j-c736-c5r3
reference_id GHSA-wp8j-c736-c5r3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wp8j-c736-c5r3
fixed_packages
0
url pkg:composer/typo3/cms@7.3.1
purl pkg:composer/typo3/cms@7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-8jcy-3kje-fqeh
7
vulnerability VCID-953t-q1cr-zyd6
8
vulnerability VCID-abjx-8v46-d7d8
9
vulnerability VCID-ansr-8m5j-pya6
10
vulnerability VCID-c57c-akce-xufq
11
vulnerability VCID-dsqm-9q3e-dudw
12
vulnerability VCID-e1ms-4r4s-g7e7
13
vulnerability VCID-e2bk-pfbe-puek
14
vulnerability VCID-e82x-2cdb-7fgn
15
vulnerability VCID-ev4k-5k1d-2bhu
16
vulnerability VCID-fdnw-2tz5-4fdr
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-gpv4-4tpd-tbaa
19
vulnerability VCID-hm4k-wbq3-r7ej
20
vulnerability VCID-hp99-ncuh-6ugv
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-hyx9-8ae6-sba8
23
vulnerability VCID-j6x1-dfre-2bdq
24
vulnerability VCID-jp1p-rfxa-hyd9
25
vulnerability VCID-jq5y-7h9g-mufa
26
vulnerability VCID-jwb1-3sbg-kfa5
27
vulnerability VCID-n18b-qe5x-z7cj
28
vulnerability VCID-nhjv-nke2-2kf8
29
vulnerability VCID-njsj-bwjq-fyap
30
vulnerability VCID-p576-w7dd-p3h7
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-qcnh-z4zh-myaw
33
vulnerability VCID-qek9-g3h8-nfdz
34
vulnerability VCID-rs13-zf7b-mka7
35
vulnerability VCID-teby-zvvw-zkhv
36
vulnerability VCID-tzpj-j3x1-ekgk
37
vulnerability VCID-u6h1-ccgw-jqds
38
vulnerability VCID-ub3e-hrb1-wqac
39
vulnerability VCID-uq77-aax5-k7d8
40
vulnerability VCID-vq15-t92r-5bhx
41
vulnerability VCID-wms8-dnuz-b3hc
42
vulnerability VCID-xvyu-2hb8-8ufh
43
vulnerability VCID-xw1s-93bu-wuh9
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zru2-9g25-77dc
46
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1
aliases GHSA-wp8j-c736-c5r3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w65h-8a9d-ckgj
53
url VCID-wms8-dnuz-b3hc
vulnerability_id VCID-wms8-dnuz-b3hc
summary
Multiple Cross-Site Scripting vulnerabilities in backend
Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.
references
0
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
reference_id
reference_type
scores
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-011/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.1
purl pkg:composer/typo3/cms@7.6.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2r7u-mc45-8yhe
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-2vpx-fqb6-aqfa
5
vulnerability VCID-39jx-muqb-nkfq
6
vulnerability VCID-3ugj-6m1e-e3hr
7
vulnerability VCID-4wnp-gusy-43b8
8
vulnerability VCID-5dxs-cdht-27hw
9
vulnerability VCID-5hm4-ms5p-uuae
10
vulnerability VCID-5ppx-p8eq-mbgk
11
vulnerability VCID-5u2f-5zzf-j3e4
12
vulnerability VCID-66kh-c1dm-8fbf
13
vulnerability VCID-66ru-n2df-b3ay
14
vulnerability VCID-6su8-bbrw-hbhp
15
vulnerability VCID-727q-h3ey-6yc9
16
vulnerability VCID-8jcy-3kje-fqeh
17
vulnerability VCID-8p64-6zpt-t3av
18
vulnerability VCID-953t-q1cr-zyd6
19
vulnerability VCID-9726-hafj-wkay
20
vulnerability VCID-9saf-w56y-pugz
21
vulnerability VCID-abjx-8v46-d7d8
22
vulnerability VCID-bstt-ybrs-5ua3
23
vulnerability VCID-dd9u-w2y2-87h9
24
vulnerability VCID-dsqm-9q3e-dudw
25
vulnerability VCID-e564-zdku-9fc6
26
vulnerability VCID-ekvp-u4kk-kqdd
27
vulnerability VCID-eutz-mj58-audb
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-exjy-5cyn-zfg1
30
vulnerability VCID-fdnw-2tz5-4fdr
31
vulnerability VCID-fgqa-5fx9-nkaz
32
vulnerability VCID-fh61-7rfy-s3hg
33
vulnerability VCID-fqkx-v8t5-q3h6
34
vulnerability VCID-g7mm-vjbw-bbhd
35
vulnerability VCID-g9ns-sxkx-aqh1
36
vulnerability VCID-gpv4-4tpd-tbaa
37
vulnerability VCID-h217-xe8x-nua3
38
vulnerability VCID-h7cg-64er-uya9
39
vulnerability VCID-h7hf-sf2q-73ay
40
vulnerability VCID-hp99-ncuh-6ugv
41
vulnerability VCID-hsw8-nbs6-auaa
42
vulnerability VCID-hyx9-8ae6-sba8
43
vulnerability VCID-hzma-cduk-3uhp
44
vulnerability VCID-j8sh-5evd-dkaz
45
vulnerability VCID-jenc-czvj-g3gw
46
vulnerability VCID-jeqr-9tfu-f7b2
47
vulnerability VCID-jf28-91be-6kbr
48
vulnerability VCID-jmea-qzsr-wkf4
49
vulnerability VCID-jn38-wfec-7bb2
50
vulnerability VCID-jp1p-rfxa-hyd9
51
vulnerability VCID-jq5y-7h9g-mufa
52
vulnerability VCID-jqe4-8hzb-mfea
53
vulnerability VCID-jwb1-3sbg-kfa5
54
vulnerability VCID-kp2p-nbmg-ufen
55
vulnerability VCID-ks1q-a8x2-uqht
56
vulnerability VCID-m3nc-xbb4-yubr
57
vulnerability VCID-mctp-nf36-7qdn
58
vulnerability VCID-nhjv-nke2-2kf8
59
vulnerability VCID-njsj-bwjq-fyap
60
vulnerability VCID-nvbp-pbjw-3qgx
61
vulnerability VCID-p576-w7dd-p3h7
62
vulnerability VCID-p7gd-anw2-1qbz
63
vulnerability VCID-qcnh-z4zh-myaw
64
vulnerability VCID-s97a-nmk8-y3ay
65
vulnerability VCID-sdz8-hju8-4bcb
66
vulnerability VCID-sy7r-d6pv-yba9
67
vulnerability VCID-teby-zvvw-zkhv
68
vulnerability VCID-tgyt-axv1-c7ag
69
vulnerability VCID-tzpj-j3x1-ekgk
70
vulnerability VCID-u4tq-8qnk-5fd7
71
vulnerability VCID-u5he-6tqb-gqaf
72
vulnerability VCID-uq77-aax5-k7d8
73
vulnerability VCID-vq15-t92r-5bhx
74
vulnerability VCID-w58p-3wg1-7ycr
75
vulnerability VCID-x175-xjek-97ds
76
vulnerability VCID-xh68-defe-f7ce
77
vulnerability VCID-xpxg-qq49-b7fd
78
vulnerability VCID-xt7m-u9eb-fyd9
79
vulnerability VCID-xvyu-2hb8-8ufh
80
vulnerability VCID-xw1s-93bu-wuh9
81
vulnerability VCID-y1ap-y4az-x7ec
82
vulnerability VCID-ygw4-jdqu-4fbt
83
vulnerability VCID-yn6z-9v7k-x7br
84
vulnerability VCID-yz6t-ge1y-qfgr
85
vulnerability VCID-zrz3-3dnf-tbay
86
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.1
aliases TYPO3-CORE-SA-2015-011
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wms8-dnuz-b3hc
54
url VCID-xvyu-2hb8-8ufh
vulnerability_id VCID-xvyu-2hb8-8ufh
summary
TYPO3 Information Disclosure in Install Tool
The Install Tool exposes the current TYPO3 version number to non-authenticated users.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-5.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2018-12-11-5.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/232d0a64282382229c205904173a16a581555fe3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/232d0a64282382229c205904173a16a581555fe3
3
reference_url https://github.com/TYPO3/typo3/commit/b4dd20f31d483f6399e8bcbffcac3e16a2df0d92
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/b4dd20f31d483f6399e8bcbffcac3e16a2df0d92
4
reference_url https://github.com/TYPO3/typo3/commit/fab0cbc970b709ed65fc4622a2cbd52a197480c4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/fab0cbc970b709ed65fc4622a2cbd52a197480c4
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-010
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2018-010
6
reference_url https://github.com/advisories/GHSA-6487-3qvg-8px9
reference_id GHSA-6487-3qvg-8px9
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6487-3qvg-8px9
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-39vn-73mc-jqav
7
vulnerability VCID-3k2k-a3gb-n3ba
8
vulnerability VCID-3ye6-vqje-abh4
9
vulnerability VCID-4an7-9ph4-mkd4
10
vulnerability VCID-4eym-e6vt-8fbs
11
vulnerability VCID-4jck-w9ct-budk
12
vulnerability VCID-5k47-9k7t-rqak
13
vulnerability VCID-6a22-c7x5-sqe2
14
vulnerability VCID-6mnf-2fcw-dqgp
15
vulnerability VCID-7m6u-k5tp-gkhy
16
vulnerability VCID-7xv1-78u7-xufp
17
vulnerability VCID-848u-w88s-5bbe
18
vulnerability VCID-8w4e-d49b-nbg8
19
vulnerability VCID-94r9-hh4g-jkej
20
vulnerability VCID-9adx-p876-kyb5
21
vulnerability VCID-9yu1-z7c2-t3fj
22
vulnerability VCID-a1g9-pyz5-9fca
23
vulnerability VCID-am6s-67bm-77dr
24
vulnerability VCID-bbh5-rss8-bfct
25
vulnerability VCID-buj5-2t53-3kcr
26
vulnerability VCID-cvk2-93hm-gkhx
27
vulnerability VCID-e6zr-4bgg-kkh5
28
vulnerability VCID-ev4k-5k1d-2bhu
29
vulnerability VCID-f319-jpf5-hyex
30
vulnerability VCID-f4n7-q72x-3yea
31
vulnerability VCID-fqkc-utex-3kav
32
vulnerability VCID-fqkx-v8t5-q3h6
33
vulnerability VCID-fut7-bb1f-37g7
34
vulnerability VCID-hsw8-nbs6-auaa
35
vulnerability VCID-j8hk-bqnb-gycp
36
vulnerability VCID-jp1p-rfxa-hyd9
37
vulnerability VCID-k5t3-28es-h3ez
38
vulnerability VCID-khpm-e1xb-hydb
39
vulnerability VCID-n1gz-y615-cbbk
40
vulnerability VCID-nney-azbc-pucg
41
vulnerability VCID-p7gd-anw2-1qbz
42
vulnerability VCID-pmvp-twk2-jqe4
43
vulnerability VCID-q2t1-kx56-s3c3
44
vulnerability VCID-q7vt-19eb-sqeq
45
vulnerability VCID-qdxh-arxx-wbcr
46
vulnerability VCID-qv14-m93d-jyd9
47
vulnerability VCID-rqrw-t2kj-mud8
48
vulnerability VCID-ru6w-m6q6-27gn
49
vulnerability VCID-sdjb-gp4t-vbgt
50
vulnerability VCID-sdsa-mh76-kqch
51
vulnerability VCID-tgyt-axv1-c7ag
52
vulnerability VCID-tzpj-j3x1-ekgk
53
vulnerability VCID-u259-2sxq-tbct
54
vulnerability VCID-u6as-cwxc-pkhk
55
vulnerability VCID-un7r-8sah-33cr
56
vulnerability VCID-uq77-aax5-k7d8
57
vulnerability VCID-vw2r-g8yy-eyf4
58
vulnerability VCID-w7z1-aw31-vugx
59
vulnerability VCID-wat8-4m83-hken
60
vulnerability VCID-x5x1-w7yv-eye9
61
vulnerability VCID-xw1s-93bu-wuh9
62
vulnerability VCID-y7ds-p5r2-yuhq
63
vulnerability VCID-yh6b-tc4u-v3bk
64
vulnerability VCID-zeut-9wfp-q7et
65
vulnerability VCID-zgfw-pk39-gyg8
66
vulnerability VCID-zkvq-bms4-gfcv
67
vulnerability VCID-zmwv-gwq3-fkej
68
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GHSA-6487-3qvg-8px9
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xvyu-2hb8-8ufh
55
url VCID-xw1s-93bu-wuh9
vulnerability_id VCID-xw1s-93bu-wuh9
summary
Path Traversal
It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-19848
reference_id
reference_type
scores
0
value 0.00374
scoring_system epss
scoring_elements 0.59443
published_at 2026-06-05T12:55:00Z
1
value 0.00374
scoring_system epss
scoring_elements 0.59447
published_at 2026-06-06T12:55:00Z
2
value 0.00374
scoring_system epss
scoring_elements 0.59393
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-19848
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml
3
reference_url https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
4
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-024
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2019-024
5
reference_url https://typo3.org/security/advisory/typo3-core-sa-2019-024/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2019-024/
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-19848
reference_id CVE-2019-19848
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-19848
7
reference_url https://github.com/advisories/GHSA-77p4-wfr8-977w
reference_id GHSA-77p4-wfr8-977w
reference_type
scores
url https://github.com/advisories/GHSA-77p4-wfr8-977w
fixed_packages
0
url pkg:composer/typo3/cms@8.7.30
purl pkg:composer/typo3/cms@8.7.30
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-2rhr-8vaz-hqfj
3
vulnerability VCID-2rmv-a83x-9ka8
4
vulnerability VCID-6a22-c7x5-sqe2
5
vulnerability VCID-848u-w88s-5bbe
6
vulnerability VCID-ev4k-5k1d-2bhu
7
vulnerability VCID-fqkx-v8t5-q3h6
8
vulnerability VCID-hsw8-nbs6-auaa
9
vulnerability VCID-j8hk-bqnb-gycp
10
vulnerability VCID-jp1p-rfxa-hyd9
11
vulnerability VCID-sdjb-gp4t-vbgt
12
vulnerability VCID-tgyt-axv1-c7ag
13
vulnerability VCID-tzpj-j3x1-ekgk
14
vulnerability VCID-uq77-aax5-k7d8
15
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.30
1
url pkg:composer/typo3/cms@9.5.12
purl pkg:composer/typo3/cms@9.5.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-1ffs-9vj5-27hk
2
vulnerability VCID-1sfk-z8py-ykb8
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-4an7-9ph4-mkd4
6
vulnerability VCID-6a22-c7x5-sqe2
7
vulnerability VCID-6mnf-2fcw-dqgp
8
vulnerability VCID-848u-w88s-5bbe
9
vulnerability VCID-8w4e-d49b-nbg8
10
vulnerability VCID-a1g9-pyz5-9fca
11
vulnerability VCID-bbh5-rss8-bfct
12
vulnerability VCID-bcbd-zzet-mff6
13
vulnerability VCID-e6zr-4bgg-kkh5
14
vulnerability VCID-ev4k-5k1d-2bhu
15
vulnerability VCID-fqkx-v8t5-q3h6
16
vulnerability VCID-hsw8-nbs6-auaa
17
vulnerability VCID-j8hk-bqnb-gycp
18
vulnerability VCID-jp1p-rfxa-hyd9
19
vulnerability VCID-n1gz-y615-cbbk
20
vulnerability VCID-sdjb-gp4t-vbgt
21
vulnerability VCID-tgyt-axv1-c7ag
22
vulnerability VCID-tzpj-j3x1-ekgk
23
vulnerability VCID-un7r-8sah-33cr
24
vulnerability VCID-uq77-aax5-k7d8
25
vulnerability VCID-zkvq-bms4-gfcv
26
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.12
2
url pkg:composer/typo3/cms@10.2.2
purl pkg:composer/typo3/cms@10.2.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-13up-fwbr-17am
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-1sfk-z8py-ykb8
4
vulnerability VCID-2rhr-8vaz-hqfj
5
vulnerability VCID-2rmv-a83x-9ka8
6
vulnerability VCID-2tz2-8qdm-2kcv
7
vulnerability VCID-36cz-khgc-6fft
8
vulnerability VCID-4an7-9ph4-mkd4
9
vulnerability VCID-6a22-c7x5-sqe2
10
vulnerability VCID-6hnx-p9hv-jbg2
11
vulnerability VCID-6mnf-2fcw-dqgp
12
vulnerability VCID-6urp-p9mn-cffv
13
vulnerability VCID-6xgm-uan4-u7fu
14
vulnerability VCID-848u-w88s-5bbe
15
vulnerability VCID-8w4e-d49b-nbg8
16
vulnerability VCID-9c49-n1a2-pubu
17
vulnerability VCID-a1g9-pyz5-9fca
18
vulnerability VCID-bbh5-rss8-bfct
19
vulnerability VCID-bcbd-zzet-mff6
20
vulnerability VCID-c46m-ht19-ybc4
21
vulnerability VCID-e4zc-fmh2-n7b8
22
vulnerability VCID-e6zr-4bgg-kkh5
23
vulnerability VCID-ev4k-5k1d-2bhu
24
vulnerability VCID-fqkx-v8t5-q3h6
25
vulnerability VCID-fyyr-48a7-8qch
26
vulnerability VCID-gbev-1zs8-8bac
27
vulnerability VCID-hsw8-nbs6-auaa
28
vulnerability VCID-j8hk-bqnb-gycp
29
vulnerability VCID-jp1p-rfxa-hyd9
30
vulnerability VCID-n1gz-y615-cbbk
31
vulnerability VCID-r3az-g422-gqf9
32
vulnerability VCID-sdjb-gp4t-vbgt
33
vulnerability VCID-tgyt-axv1-c7ag
34
vulnerability VCID-tzpj-j3x1-ekgk
35
vulnerability VCID-un7r-8sah-33cr
36
vulnerability VCID-uq77-aax5-k7d8
37
vulnerability VCID-x8qf-w4vq-mfhm
38
vulnerability VCID-x8tq-5na6-gfbj
39
vulnerability VCID-zkvq-bms4-gfcv
40
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.2.2
aliases CVE-2019-19848, GHSA-77p4-wfr8-977w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xw1s-93bu-wuh9
56
url VCID-ys6f-g39p-fkfc
vulnerability_id VCID-ys6f-g39p-fkfc
summary
TYPO3 Information Disclosure Vulnerability Exploitable by Editors
It has been discovered that editors with access to the file list module could list all file names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account is needed to exploit this vulnerability.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-4.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-4.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/d9caccb26c954834e7d43fbbe84a3130cc95524a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/d9caccb26c954834e7d43fbbe84a3130cc95524a
3
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-005
4
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-005
5
reference_url https://github.com/advisories/GHSA-r287-hc8j-w56h
reference_id GHSA-r287-hc8j-w56h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r287-hc8j-w56h
fixed_packages
0
url pkg:composer/typo3/cms@7.3.1
purl pkg:composer/typo3/cms@7.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-28fn-ncj5-2ufk
1
vulnerability VCID-2rhr-8vaz-hqfj
2
vulnerability VCID-2rmv-a83x-9ka8
3
vulnerability VCID-3ugj-6m1e-e3hr
4
vulnerability VCID-5hm4-ms5p-uuae
5
vulnerability VCID-66kh-c1dm-8fbf
6
vulnerability VCID-8jcy-3kje-fqeh
7
vulnerability VCID-953t-q1cr-zyd6
8
vulnerability VCID-abjx-8v46-d7d8
9
vulnerability VCID-ansr-8m5j-pya6
10
vulnerability VCID-c57c-akce-xufq
11
vulnerability VCID-dsqm-9q3e-dudw
12
vulnerability VCID-e1ms-4r4s-g7e7
13
vulnerability VCID-e2bk-pfbe-puek
14
vulnerability VCID-e82x-2cdb-7fgn
15
vulnerability VCID-ev4k-5k1d-2bhu
16
vulnerability VCID-fdnw-2tz5-4fdr
17
vulnerability VCID-fqkx-v8t5-q3h6
18
vulnerability VCID-gpv4-4tpd-tbaa
19
vulnerability VCID-hm4k-wbq3-r7ej
20
vulnerability VCID-hp99-ncuh-6ugv
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-hyx9-8ae6-sba8
23
vulnerability VCID-j6x1-dfre-2bdq
24
vulnerability VCID-jp1p-rfxa-hyd9
25
vulnerability VCID-jq5y-7h9g-mufa
26
vulnerability VCID-jwb1-3sbg-kfa5
27
vulnerability VCID-n18b-qe5x-z7cj
28
vulnerability VCID-nhjv-nke2-2kf8
29
vulnerability VCID-njsj-bwjq-fyap
30
vulnerability VCID-p576-w7dd-p3h7
31
vulnerability VCID-p7gd-anw2-1qbz
32
vulnerability VCID-qcnh-z4zh-myaw
33
vulnerability VCID-qek9-g3h8-nfdz
34
vulnerability VCID-rs13-zf7b-mka7
35
vulnerability VCID-teby-zvvw-zkhv
36
vulnerability VCID-tzpj-j3x1-ekgk
37
vulnerability VCID-u6h1-ccgw-jqds
38
vulnerability VCID-ub3e-hrb1-wqac
39
vulnerability VCID-uq77-aax5-k7d8
40
vulnerability VCID-vq15-t92r-5bhx
41
vulnerability VCID-wms8-dnuz-b3hc
42
vulnerability VCID-xvyu-2hb8-8ufh
43
vulnerability VCID-xw1s-93bu-wuh9
44
vulnerability VCID-yz6t-ge1y-qfgr
45
vulnerability VCID-zru2-9g25-77dc
46
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.3.1
aliases GHSA-r287-hc8j-w56h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ys6f-g39p-fkfc
57
url VCID-yz6t-ge1y-qfgr
vulnerability_id VCID-yz6t-ge1y-qfgr
summary Security Misconfiguration in Install Tool Cookie.
references
0
reference_url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
reference_id
reference_type
scores
url https://typo3.org/security/advisory/typo3-core-sa-2018-009/
fixed_packages
0
url pkg:composer/typo3/cms@7.6.32
purl pkg:composer/typo3/cms@7.6.32
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2rhr-8vaz-hqfj
1
vulnerability VCID-2rmv-a83x-9ka8
2
vulnerability VCID-ev4k-5k1d-2bhu
3
vulnerability VCID-fqkx-v8t5-q3h6
4
vulnerability VCID-hsw8-nbs6-auaa
5
vulnerability VCID-jp1p-rfxa-hyd9
6
vulnerability VCID-p7gd-anw2-1qbz
7
vulnerability VCID-tgyt-axv1-c7ag
8
vulnerability VCID-tzpj-j3x1-ekgk
9
vulnerability VCID-uq77-aax5-k7d8
10
vulnerability VCID-xw1s-93bu-wuh9
11
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.6.32
1
url pkg:composer/typo3/cms@8.7.21
purl pkg:composer/typo3/cms@8.7.21
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-11sw-6x9k-vued
1
vulnerability VCID-11u3-8xzy-jfhh
2
vulnerability VCID-1ffs-9vj5-27hk
3
vulnerability VCID-2rhr-8vaz-hqfj
4
vulnerability VCID-2rmv-a83x-9ka8
5
vulnerability VCID-39vn-73mc-jqav
6
vulnerability VCID-4eym-e6vt-8fbs
7
vulnerability VCID-5k47-9k7t-rqak
8
vulnerability VCID-6a22-c7x5-sqe2
9
vulnerability VCID-7m6u-k5tp-gkhy
10
vulnerability VCID-848u-w88s-5bbe
11
vulnerability VCID-94r9-hh4g-jkej
12
vulnerability VCID-9yu1-z7c2-t3fj
13
vulnerability VCID-am6s-67bm-77dr
14
vulnerability VCID-bn3p-39sv-6fdg
15
vulnerability VCID-buj5-2t53-3kcr
16
vulnerability VCID-ev4k-5k1d-2bhu
17
vulnerability VCID-f319-jpf5-hyex
18
vulnerability VCID-fqkc-utex-3kav
19
vulnerability VCID-fqkx-v8t5-q3h6
20
vulnerability VCID-fut7-bb1f-37g7
21
vulnerability VCID-hsw8-nbs6-auaa
22
vulnerability VCID-j8hk-bqnb-gycp
23
vulnerability VCID-jp1p-rfxa-hyd9
24
vulnerability VCID-k5t3-28es-h3ez
25
vulnerability VCID-khpm-e1xb-hydb
26
vulnerability VCID-nney-azbc-pucg
27
vulnerability VCID-p7gd-anw2-1qbz
28
vulnerability VCID-pmvp-twk2-jqe4
29
vulnerability VCID-q7vt-19eb-sqeq
30
vulnerability VCID-qdxh-arxx-wbcr
31
vulnerability VCID-qv14-m93d-jyd9
32
vulnerability VCID-rqrw-t2kj-mud8
33
vulnerability VCID-ru6w-m6q6-27gn
34
vulnerability VCID-sdjb-gp4t-vbgt
35
vulnerability VCID-sdsa-mh76-kqch
36
vulnerability VCID-tgyt-axv1-c7ag
37
vulnerability VCID-tzpj-j3x1-ekgk
38
vulnerability VCID-u259-2sxq-tbct
39
vulnerability VCID-u6as-cwxc-pkhk
40
vulnerability VCID-uq77-aax5-k7d8
41
vulnerability VCID-vw2r-g8yy-eyf4
42
vulnerability VCID-w483-prq4-rycx
43
vulnerability VCID-wat8-4m83-hken
44
vulnerability VCID-x5x1-w7yv-eye9
45
vulnerability VCID-xw1s-93bu-wuh9
46
vulnerability VCID-y7ds-p5r2-yuhq
47
vulnerability VCID-yh6b-tc4u-v3bk
48
vulnerability VCID-zgfw-pk39-gyg8
49
vulnerability VCID-zmwv-gwq3-fkej
50
vulnerability VCID-zybp-mb3d-jyee
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.21
2
url pkg:composer/typo3/cms@9.5.2
purl pkg:composer/typo3/cms@9.5.2
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.5.2
aliases GMS-2018-100
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yz6t-ge1y-qfgr
58
url VCID-zru2-9g25-77dc
vulnerability_id VCID-zru2-9g25-77dc
summary
TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure
It has been discovered that calling a PHP script which is delivered with TYPO3 for testing purposes discloses the absolute server path to the TYPO3 installation.
references
0
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-09-08-1.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-09-08-1.yaml
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/commit/ed1e46f89c8e5f699ced245e873d0eff21e5c75e
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/ed1e46f89c8e5f699ced245e873d0eff21e5c75e
3
reference_url https://typo3.org/security/advisory/typo3-core-sa-2015-008
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2015-008
4
reference_url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-008
5
reference_url https://github.com/advisories/GHSA-pqfv-97hj-g97g
reference_id GHSA-pqfv-97hj-g97g
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pqfv-97hj-g97g
fixed_packages
0
url pkg:composer/typo3/cms@7.4.0
purl pkg:composer/typo3/cms@7.4.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.4.0
aliases GHSA-pqfv-97hj-g97g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zru2-9g25-77dc
59
url VCID-zybp-mb3d-jyee
vulnerability_id VCID-zybp-mb3d-jyee
summary
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login
### Problem
Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary.

### Solution
Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above.

### References
* [TYPO3-CORE-SA-2022-013](https://typo3.org/security/advisory/typo3-core-sa-2022-013)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23501
reference_id
reference_type
scores
0
value 0.00187
scoring_system epss
scoring_elements 0.40437
published_at 2026-06-06T12:55:00Z
1
value 0.00187
scoring_system epss
scoring_elements 0.40434
published_at 2026-06-05T12:55:00Z
2
value 0.00187
scoring_system epss
scoring_elements 0.40354
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23501
1
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2022-23501.yaml
2
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2022-23501.yaml
3
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
4
reference_url https://github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/28be9cdb3fed02ce4cfc6fa2d39f7d8e2266eced
5
reference_url https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T18:48:00Z/
url https://github.com/TYPO3/typo3/security/advisories/GHSA-jfp7-79g7-89rf
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23501
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23501
7
reference_url https://typo3.org/security/advisory/typo3-core-sa-2022-013
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-core-sa-2022-013
8
reference_url https://github.com/advisories/GHSA-jfp7-79g7-89rf
reference_id GHSA-jfp7-79g7-89rf
reference_type
scores
url https://github.com/advisories/GHSA-jfp7-79g7-89rf
fixed_packages
0
url pkg:composer/typo3/cms@10.4.33
purl pkg:composer/typo3/cms@10.4.33
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6a22-c7x5-sqe2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@10.4.33
1
url pkg:composer/typo3/cms@11.5.20
purl pkg:composer/typo3/cms@11.5.20
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6a22-c7x5-sqe2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@11.5.20
2
url pkg:composer/typo3/cms@12.1.1
purl pkg:composer/typo3/cms@12.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6a22-c7x5-sqe2
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@12.1.1
aliases CVE-2022-23501, GHSA-jfp7-79g7-89rf, GMS-2022-8134
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zybp-mb3d-jyee
Fixing_vulnerabilities
0
url VCID-nqqc-nkwq-rqhx
vulnerability_id VCID-nqqc-nkwq-rqhx
summary
Cross-site Scripting
`svg.swf` in TYPO3 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a `contrib/websvg/svg.swf` pathname.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8091
reference_id
reference_type
scores
0
value 0.20517
scoring_system epss
scoring_elements 0.95671
published_at 2026-06-04T12:55:00Z
1
value 0.20517
scoring_system epss
scoring_elements 0.95681
published_at 2026-06-06T12:55:00Z
2
value 0.20517
scoring_system epss
scoring_elements 0.95677
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8091
1
reference_url https://github.com/TYPO3/typo3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3
2
reference_url https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/blob/4cb53e828bd5138d180cdf9cac1ccf7fd31086d2/typo3/sysext/core/Documentation/Changelog/7.2/Breaking-65962-WebSVGLibraryAndAPIRemoved.rst
3
reference_url https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/TYPO3/typo3/commit/482e2e992f80f5e38cb48fcaea40fd9812a5252c
4
reference_url https://typo3.org/security/advisory/typo3-psa-2019-003
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://typo3.org/security/advisory/typo3-psa-2019-003
5
reference_url https://www.purplemet.com/blog/typo3-xss-vulnerability
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.purplemet.com/blog/typo3-xss-vulnerability
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8091
reference_id CVE-2020-8091
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8091
fixed_packages
0
url pkg:composer/typo3/cms@6.2.39
purl pkg:composer/typo3/cms@6.2.39
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@6.2.39
1
url pkg:composer/typo3/cms@7.2.0
purl pkg:composer/typo3/cms@7.2.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.2.0
aliases CVE-2020-8091, GHSA-qvhv-pwww-53jj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nqqc-nkwq-rqhx
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@7.2.0