Package details: pkg:composer/typo3/cms@10.2.1
purl pkg:composer/typo3/cms@10.2.1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (4)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-56yk-z25r-nuap | TYPO3 Cross-Site Scripting in Filelist Module. It has been discovered that the output table listing in the “Files” backend module is vulnerable to cross-site scripting when a file extension contains malicious sequences. Access to the file system of the server - either directly or through synchronization - is required to exploit the vulnerability. | GHSA-g7hw-jh4p-75wr |
| VCID-8mc9-ye3u-c3aj | TYPO3 Insecure Deserialization in Query Generator & Query View. An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges. | CVE-2019-19849, GHSA-rcgc-4xfc-564v |
| VCID-cxp1-whzb-p7hy | TYPO3 Cross-Site Scripting in Form Framework validation handling. It has been discovered that the output of field validation errors in the Form Framework is vulnerable to cross-site scripting. | GHSA-v8m4-3w37-ghxx |
| VCID-tvtv-cfzc-z3d5 | TYPO3 Cross-Site Scripting in Link Handling. It has been discovered that `t3://` URL handling and typolink functionality are vulnerable to cross-site scripting. Not only regular backend forms are affected but also frontend extensions which use the rendering with typolink. | GHSA-xgmx-j3hv-jh9x |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T13:56:55.256883+00:00 | GitLab Importer | Fixing | VCID-56yk-z25r-nuap | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-g7hw-jh4p-75wr.yml | 36.1.3 |
| 2025-07-03T13:56:54.652445+00:00 | GitLab Importer | Fixing | VCID-tvtv-cfzc-z3d5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-xgmx-j3hv-jh9x.yml | 36.1.3 |
| 2025-07-03T13:56:54.526464+00:00 | GitLab Importer | Fixing | VCID-cxp1-whzb-p7hy | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-v8m4-3w37-ghxx.yml | 36.1.3 |
| 2025-07-01T14:35:07.973468+00:00 | GHSA Importer | Fixing | VCID-cxp1-whzb-p7hy | https://github.com/advisories/GHSA-v8m4-3w37-ghxx | 36.1.3 |
| 2025-07-01T14:35:07.814539+00:00 | GHSA Importer | Fixing | VCID-tvtv-cfzc-z3d5 | https://github.com/advisories/GHSA-xgmx-j3hv-jh9x | 36.1.3 |
| 2025-07-01T14:35:07.736741+00:00 | GHSA Importer | Fixing | VCID-56yk-z25r-nuap | https://github.com/advisories/GHSA-g7hw-jh4p-75wr | 36.1.3 |
| 2025-07-01T12:28:50.901682+00:00 | GithubOSV Importer | Fixing | VCID-8mc9-ye3u-c3aj | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rcgc-4xfc-564v/GHSA-rcgc-4xfc-564v.json | 36.1.3 |
| 2025-07-01T12:11:07.447972+00:00 | GithubOSV Importer | Fixing | VCID-tvtv-cfzc-z3d5 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-xgmx-j3hv-jh9x/GHSA-xgmx-j3hv-jh9x.json | 36.1.3 |
| 2025-07-01T12:11:01.272113+00:00 | GithubOSV Importer | Fixing | VCID-56yk-z25r-nuap | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-g7hw-jh4p-75wr/GHSA-g7hw-jh4p-75wr.json | 36.1.3 |
| 2025-07-01T12:11:00.410659+00:00 | GithubOSV Importer | Fixing | VCID-cxp1-whzb-p7hy | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-v8m4-3w37-ghxx/GHSA-v8m4-3w37-ghxx.json | 36.1.3 |