VulnerableCode Package Details - pkg:composer/typo3/cms@8.3.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-1d1x-7vx6-zbfw Aliases: CVE-2017-14251 GHSA-fh4q-hxrw-cjqq	TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.	8.7.5 Affected by 0 other vulnerabilities.
VCID-87g8-zcww-p7bm Aliases: CVE-2019-12748 GHSA-r6fv-56gp-j3r4	Typo3 Cross-Site Scripting in Link Handling TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.	8.7.27 Affected by 0 other vulnerabilities. 9.5.8 Affected by 0 other vulnerabilities.
VCID-thjz-e86b-n3a7 Aliases: CVE-2019-12747 GHSA-86hp-xrhj-fhpq	Typo3 Vulnerable to Insecure Deserialization TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.	8.7.27 Affected by 0 other vulnerabilities. 9.5.8 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1d1x-7vx6-zbfw
Aliases:
CVE-2017-14251
GHSA-fh4q-hxrw-cjqq

TYPO3 Arbitrary Code Execution Unrestricted File Upload vulnerability in the fileDenyPattern in sysext/core/Classes/Core/SystemEnvironmentBuilder.php in TYPO3 7.6.0 to 7.6.21 and 8.0.0 to 8.7.4 allows remote authenticated users to upload files with a .pht extension and consequently execute arbitrary PHP code.

8.7.5
Affected by 0 other vulnerabilities.

VCID-87g8-zcww-p7bm
Aliases:
CVE-2019-12748
GHSA-r6fv-56gp-j3r4

Typo3 Cross-Site Scripting in Link Handling TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS.

8.7.27
Affected by 0 other vulnerabilities.

9.5.8
Affected by 0 other vulnerabilities.

VCID-thjz-e86b-n3a7
Aliases:
CVE-2019-12747
GHSA-86hp-xrhj-fhpq

Typo3 Vulnerable to Insecure Deserialization TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data.

8.7.27
Affected by 0 other vulnerabilities.

9.5.8
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-gb7f-4sm6-tkaw	Uncontrolled Resource Consumption Cache Flooding in TYPO3 Frontend.	2016-09-14-2
VCID-t7fe-ph2m-j3e5	Cross-site Scripting XSS in TYPO3 Backend.	2016-09-14-1

Vulnerability

Summary

Aliases

VCID-gb7f-4sm6-tkaw

Uncontrolled Resource Consumption Cache Flooding in TYPO3 Frontend.

2016-09-14-2

VCID-t7fe-ph2m-j3e5

Cross-site Scripting XSS in TYPO3 Backend.

2016-09-14-1

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-01T18:11:43.465172+00:00	GitLab Importer	Affected by	VCID-87g8-zcww-p7bm	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2019-12748.yml	36.1.3
2025-07-01T18:11:43.432312+00:00	GitLab Importer	Affected by	VCID-thjz-e86b-n3a7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2019-12747.yml	36.1.3
2025-07-01T18:10:30.744902+00:00	GitLab Importer	Affected by	VCID-1d1x-7vx6-zbfw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2017-14251.yml	36.1.3
2025-07-01T18:10:14.306581+00:00	GitLab Importer	Fixing	VCID-gb7f-4sm6-tkaw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-09-14-2.yml	36.1.3
2025-07-01T18:10:14.271092+00:00	GitLab Importer	Fixing	VCID-t7fe-ph2m-j3e5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-09-14-1.yml	36.1.3