Search for packages
| purl | pkg:composer/typo3/cms@6.0.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-77zk-mttw-7yb5
Aliases: CVE-2014-3943 GHSA-qqh2-h6gw-6x8x |
Typo3 XSS Vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow remote authenticated editors to inject arbitrary web script or HTML via unknown parameters. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 104 other vulnerabilities. |
|
VCID-8tx1-99cc-tfcc
Aliases: CVE-2013-7073 GHSA-4rpv-g4gq-rh4m |
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-c7jx-ey45-judf
Aliases: CVE-2014-3941 GHSA-594h-cx6w-p4jf |
Typo3 Host Header Spoofing Vulnerability TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing." |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 104 other vulnerabilities. |
|
VCID-cv1m-r2d7-h3dx
Aliases: CVE-2014-3942 GHSA-55g3-fjwm-w2c8 |
TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-01T18:13:44.743529+00:00 | GitLab Importer | Affected by | VCID-8tx1-99cc-tfcc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2013-7073.yml | 36.1.3 |
| 2025-07-01T18:13:36.682582+00:00 | GitLab Importer | Affected by | VCID-77zk-mttw-7yb5 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2014-3943.yml | 36.1.3 |
| 2025-07-01T18:13:34.537270+00:00 | GitLab Importer | Affected by | VCID-c7jx-ey45-judf | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2014-3941.yml | 36.1.3 |
| 2025-07-01T18:13:29.064902+00:00 | GitLab Importer | Affected by | VCID-cv1m-r2d7-h3dx | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2014-3942.yml | 36.1.3 |