Search for packages
Package details: pkg:composer/typo3/cms-core@7.1.0
purl pkg:composer/typo3/cms-core@7.1.0
Tags Ghost
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-2ypz-t2ty-c3e3
Aliases:
CVE-2020-8091
GHSA-qvhv-pwww-53jj
Typo3 Cross-Site Scripting in Flash component (ELTS) TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
8.7.7
Affected by 81 other vulnerabilities.
VCID-7rsj-1mbz-2bc9
Aliases:
GHSA-8c25-vj2w-p72j
TYPO3 Cross-Site Scripting in Frontend User Login Failing to properly encode user input, login status display is vulnerable to cross-site scripting in the website frontend. A valid user account is needed in order to exploit this vulnerability - either a backend user or a frontend user having the possibility to modify their user profile. Template patterns that are affected are - ###FEUSER_[fieldName]### using system extension felogin - <!--###USERNAME###--> for regular frontend rendering (pattern can be defined individually using TypoScript setting config.USERNAME_substToken)
7.6.32
Affected by 0 other vulnerabilities.
8.7.21
Affected by 56 other vulnerabilities.
9.5.2
Affected by 84 other vulnerabilities.
VCID-a3y3-cwp9-zyd6
Aliases:
CVE-2016-5091
GHSA-jxg5-35fj-ccwf
Extbase for TYPO3 allows RCE Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
7.6.9
Affected by 0 other vulnerabilities.
8.1.2
Affected by 0 other vulnerabilities.
VCID-p778-sd22-dfea
Aliases:
GHSA-g4c9-qfvw-fmr4
TYPO3 Cross-Site Scripting in Backend Modal Component Failing to properly encode user input, notifications shown in modal windows in the TYPO3 backend are vulnerable to cross-site scripting. A valid backend user account is needed in order to exploit this vulnerability.
7.6.32
Affected by 0 other vulnerabilities.
8.7.21
Affected by 56 other vulnerabilities.
9.5.2
Affected by 84 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T13:56:49.175299+00:00 GitLab Importer Affected by VCID-p778-sd22-dfea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-g4c9-qfvw-fmr4.yml 36.1.3
2025-07-03T13:56:48.816645+00:00 GitLab Importer Affected by VCID-7rsj-1mbz-2bc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/GHSA-8c25-vj2w-p72j.yml 36.1.3
2025-07-03T13:54:58.941576+00:00 GitLab Importer Affected by VCID-2ypz-t2ty-c3e3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2020-8091.yml 36.1.3
2025-07-01T18:10:20.650243+00:00 GitLab Importer Affected by VCID-a3y3-cwp9-zyd6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-core/CVE-2016-5091.yml 36.1.3
2025-07-01T14:35:01.816563+00:00 GHSA Importer Affected by VCID-7rsj-1mbz-2bc9 https://github.com/advisories/GHSA-8c25-vj2w-p72j 36.1.3
2025-07-01T14:35:01.784796+00:00 GHSA Importer Affected by VCID-p778-sd22-dfea https://github.com/advisories/GHSA-g4c9-qfvw-fmr4 36.1.3