Search for packages
Package details: pkg:composer/typo3/cms@4.3.0-alpha1
purl pkg:composer/typo3/cms@4.3.0-alpha1
Tags Ghost
Next non-vulnerable version 10.4.35
Latest non-vulnerable version 12.2.0
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-ye9t-zkkn-9bc2
Aliases:
CVE-2009-0816
GHSA-jg55-3q6h-2ccf
Typo3 Backend XSS Vulnerability An Information Disclosure vulnerability in jumpUrl mechanism, used to track access on web pages and provided files, allows a remote attacker to read arbitrary files on a host. The expected value of a mandatory hash secret, intended to invalidate such requests, is exposed to remote users allowing them to bypass access control by providing the correct value. There's no authentication required to exploit this vulnerability. The vulnerability allows to read any file, the web server user account has access to. There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-01T18:13:04.838396+00:00 GitLab Importer Affected by VCID-ye9t-zkkn-9bc2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2009-0816.yml 36.1.3
2025-07-01T14:31:50.027241+00:00 GHSA Importer Affected by VCID-ye9t-zkkn-9bc2 https://github.com/advisories/GHSA-jg55-3q6h-2ccf 36.1.3