VulnerableCode Package Details - pkg:composer/typo3/cms@4.5.31

Search for packages

Vulnerability	Summary	Fixed by
VCID-1b85-9sx2-sucu Aliases: CVE-2013-7075 GHSA-47ww-mq32-g4xw	TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."	4.5.32 Affected by 0 other vulnerabilities. 4.7.17 Affected by 0 other vulnerabilities. 6.0.12 Affected by 0 other vulnerabilities. 6.1.7 Affected by 0 other vulnerabilities.
VCID-8tx1-99cc-tfcc Aliases: CVE-2013-7073 GHSA-4rpv-g4gq-rh4m	TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.	4.5.32 Affected by 0 other vulnerabilities. 4.7.17 Affected by 0 other vulnerabilities. 6.0.12 Affected by 0 other vulnerabilities. 6.1.7 Affected by 0 other vulnerabilities.
VCID-txd8-gfvy-1kb1 Aliases: CVE-2013-7074 GHSA-r8m7-792j-5jvq	TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.	4.5.32 Affected by 0 other vulnerabilities. 4.7.17 Affected by 0 other vulnerabilities. 6.0.12 Affected by 0 other vulnerabilities. 6.1.7 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1b85-9sx2-sucu
Aliases:
CVE-2013-7075
GHSA-47ww-mq32-g4xw

TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."

4.5.32
Affected by 0 other vulnerabilities.

4.7.17
Affected by 0 other vulnerabilities.

6.0.12
Affected by 0 other vulnerabilities.

6.1.7
Affected by 0 other vulnerabilities.

VCID-8tx1-99cc-tfcc
Aliases:
CVE-2013-7073
GHSA-4rpv-g4gq-rh4m

TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

4.5.32
Affected by 0 other vulnerabilities.

4.7.17
Affected by 0 other vulnerabilities.

6.0.12
Affected by 0 other vulnerabilities.

6.1.7
Affected by 0 other vulnerabilities.

VCID-txd8-gfvy-1kb1
Aliases:
CVE-2013-7074
GHSA-r8m7-792j-5jvq

TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters.

4.5.32
Affected by 0 other vulnerabilities.

4.7.17
Affected by 0 other vulnerabilities.

6.0.12
Affected by 0 other vulnerabilities.

6.1.7
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-04T13:55:19.594064+00:00	GitLab Importer	Affected by	VCID-1b85-9sx2-sucu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2013-7075.yml	37.0.0
2025-07-04T13:55:15.415937+00:00	GitLab Importer	Affected by	VCID-txd8-gfvy-1kb1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2013-7074.yml	37.0.0
2025-07-01T18:13:44.736723+00:00	GitLab Importer	Affected by	VCID-8tx1-99cc-tfcc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2013-7073.yml	36.1.3