Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/in2code/femanager@5.5.3
purl pkg:composer/in2code/femanager@5.5.3
Next non-vulnerable version 6.4.2
Latest non-vulnerable version 8.3.1
Risk 3.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-vpgv-cr97-kffs
Aliases:
CVE-2025-7900
GHSA-rc5f-3hfv-jxp2
The femanager extension for TYPO3 allows Insecure Direct Object Reference resulting in unauthorized modification of userdata. This issue affects femanager version 6.4.1 and below, 7.0.0 to 7.5.2 and 8.0.0 to 8.3.0
6.4.2
Affected by 0 other vulnerabilities.
7.5.3
Affected by 0 other vulnerabilities.
8.3.1
Affected by 0 other vulnerabilities.
VCID-wumy-ggkp-cugg
Aliases:
CVE-2025-48202
GHSA-xxwr-wv9g-7jw3
The femanager extension through 8.2.1 for TYPO3 allows Insecure Direct Object Reference.
5.5.5
Affected by 1 other vulnerability.
6.4.1
Affected by 1 other vulnerability.
7.4.2
Affected by 1 other vulnerability.
8.2.2
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-3t7q-cyp5-mqb4 An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to set the password of all frontend users. CVE-2023-25013
GHSA-mm8v-wmqx-8h2j
VCID-d91a-d2b5-cycq An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing access checks in the InvitationController allow an unauthenticated user to delete all frontend users. CVE-2023-25014
GHSA-3p9x-xxx6-2w4p

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-13T06:25:20.794505+00:00 GHSA Importer Fixing VCID-3t7q-cyp5-mqb4 https://github.com/advisories/GHSA-mm8v-wmqx-8h2j 38.6.0
2026-06-13T06:25:20.687352+00:00 GHSA Importer Fixing VCID-d91a-d2b5-cycq https://github.com/advisories/GHSA-3p9x-xxx6-2w4p 38.6.0
2026-06-12T20:07:41.827347+00:00 GitLab Importer Affected by VCID-vpgv-cr97-kffs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2025-7900.yml 38.6.0
2026-06-12T20:02:09.527555+00:00 GitLab Importer Affected by VCID-wumy-ggkp-cugg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2025-48202.yml 38.6.0
2026-06-12T15:45:27.824520+00:00 GitLab Importer Fixing VCID-d91a-d2b5-cycq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-25014.yml 38.6.0
2026-06-12T15:45:27.684120+00:00 GitLab Importer Fixing VCID-3t7q-cyp5-mqb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/in2code/femanager/CVE-2023-25013.yml 38.6.0
2026-06-12T07:58:13.917931+00:00 GithubOSV Importer Fixing VCID-d91a-d2b5-cycq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-3p9x-xxx6-2w4p/GHSA-3p9x-xxx6-2w4p.json 38.6.0
2026-06-12T07:58:08.004522+00:00 GithubOSV Importer Fixing VCID-3t7q-cyp5-mqb4 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-mm8v-wmqx-8h2j/GHSA-mm8v-wmqx-8h2j.json 38.6.0