{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39555?format=json","vulnerability_id":"VCID-vq15-t92r-5bhx","summary":"Cross-site Scripting\nThe page module in TYPO3 is vulnerable to XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`, as demonstrated by an admin entering a crafted site name during the installation process.","aliases":[{"alias":"CVE-2018-6905"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55353?format=json","purl":"pkg:composer/typo3/cms@8.7.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@8.7.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55354?format=json","purl":"pkg:composer/typo3/cms@9.1.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.1.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55352?format=json","purl":"pkg:composer/typo3/cms@9.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2rhr-8vaz-hqfj"},{"vulnerability":"VCID-3ugj-6m1e-e3hr"},{"vulnerability":"VCID-3ye6-vqje-abh4"},{"vulnerability":"VCID-4eym-e6vt-8fbs"},{"vulnerability":"VCID-4jck-w9ct-budk"},{"vulnerability":"VCID-7ch1-q9f4-a7bt"},{"vulnerability":"VCID-7m6u-k5tp-gkhy"},{"vulnerability":"VCID-7xv1-78u7-xufp"},{"vulnerability":"VCID-953t-q1cr-zyd6"},{"vulnerability":"VCID-9adx-p876-kyb5"},{"vulnerability":"VCID-a1g9-pyz5-9fca"},{"vulnerability":"VCID-abjx-8v46-d7d8"},{"vulnerability":"VCID-am6s-67bm-77dr"},{"vulnerability":"VCID-cvk2-93hm-gkhx"},{"vulnerability":"VCID-dsqm-9q3e-dudw"},{"vulnerability":"VCID-emqq-kwjg-3kfk"},{"vulnerability":"VCID-fut7-bb1f-37g7"},{"vulnerability":"VCID-hp99-ncuh-6ugv"},{"vulnerability":"VCID-j8hk-bqnb-gycp"},{"vulnerability":"VCID-je4q-svfw-hqda"},{"vulnerability":"VCID-jq5y-7h9g-mufa"},{"vulnerability":"VCID-k5t3-28es-h3ez"},{"vulnerability":"VCID-khpm-e1xb-hydb"},{"vulnerability":"VCID-njsj-bwjq-fyap"},{"vulnerability":"VCID-nney-azbc-pucg"},{"vulnerability":"VCID-pmvp-twk2-jqe4"},{"vulnerability":"VCID-qv14-m93d-jyd9"},{"vulnerability":"VCID-qxab-9uwr-yqhv"},{"vulnerability":"VCID-ru6w-m6q6-27gn"},{"vulnerability":"VCID-sdjb-gp4t-vbgt"},{"vulnerability":"VCID-sdsa-mh76-kqch"},{"vulnerability":"VCID-u259-2sxq-tbct"},{"vulnerability":"VCID-uq77-aax5-k7d8"},{"vulnerability":"VCID-vq15-t92r-5bhx"},{"vulnerability":"VCID-vw2r-g8yy-eyf4"},{"vulnerability":"VCID-w1wb-mq2y-dfca"},{"vulnerability":"VCID-x5x1-w7yv-eye9"},{"vulnerability":"VCID-y7ds-p5r2-yuhq"},{"vulnerability":"VCID-yz6t-ge1y-qfgr"},{"vulnerability":"VCID-zmwv-gwq3-fkej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/typo3/cms@9.0.0"}],"references":[{"reference_url":"https://forge.typo3.org/issues/84191","reference_id":"","reference_type":"","scores":[],"url":"https://forge.typo3.org/issues/84191"},{"reference_url":"http://www.securitytracker.com/id/1040755","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040755"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6905","reference_id":"CVE-2018-6905","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6905"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":79,"name":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","description":"The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vq15-t92r-5bhx"}