Search for packages
Package details: pkg:composer/typo3/cms@6.2.13
purl pkg:composer/typo3/cms@6.2.13
Next non-vulnerable version 10.4.35
Latest non-vulnerable version 12.2.0
Risk
Vulnerabilities affecting this package (95)
Vulnerability Summary Fixed by
VCID-18bd-kv2y-jkfw
Aliases:
GHSA-3jxq-5xhh-9jr3
Cross-Site Scripting (XSS) in TYPO3 component Backend Failing to properly encode incoming data, the bookmark toolbar is susceptible to Cross-Site Scripting.
6.2.19
Affected by 43 other vulnerabilities.
VCID-1u6q-5rdj-abdb
Aliases:
GHSA-qffc-gwpp-m2xr
XML External Entity (XXE) Processing in TYPO3 Core All XML processing within the TYPO3 CMS are vulnerable to XEE processing. This can lead to load internal and/or external (file) content within an XML structure. Furthermore it is possible to inject arbitrary files for an XML Denial of Service attack. For more information on that topic see https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing.
6.2.19
Affected by 43 other vulnerabilities.
7.6.4
Affected by 79 other vulnerabilities.
VCID-2k75-zp2r-67da
Aliases:
TYPO3-CORE-SA-2015-012
Cross-Site Scripting vulnerability in typolinks All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme "javascript:".
6.2.16
Affected by 60 other vulnerabilities.
7.6.1
Affected by 87 other vulnerabilities.
VCID-2m7w-zfua-u7b9
Aliases:
GHSA-g4pf-3jvq-2gcw
TYPO3 Remote Code Execution in third party library swiftmailer TYPO3 uses the package swiftmailer/swiftmailer for mail actions. This package is known to be vulnerable to Remote Code Execution.
6.2.30
Affected by 8 other vulnerabilities.
7.6.15
Affected by 45 other vulnerabilities.
8.5.1
Affected by 94 other vulnerabilities.
VCID-2ypz-t2ty-c3e3
Aliases:
CVE-2020-8091
GHSA-qvhv-pwww-53jj
Typo3 Cross-Site Scripting in Flash component (ELTS) TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 included a vulnerable external component, which could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system.
6.2.39
Affected by 0 other vulnerabilities.
7.2.0
Affected by 60 other vulnerabilities.
VCID-33h5-eea4-rben
Aliases:
2015-12-15-2
Cross-site Scripting Cross-Site Scripting vulnerability in typolinks.
6.2.16
Affected by 60 other vulnerabilities.
7.6.1
Affected by 87 other vulnerabilities.
VCID-3yjx-zkmc-zkau
Aliases:
2016-04-12-4
Improper Privilege Management Privilege Escalation in TYPO3 CMS.
6.2.20
Affected by 35 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.5
Affected by 73 other vulnerabilities.
8.0.1
Affected by 115 other vulnerabilities.
VCID-4c69-3sss-jfeb
Aliases:
GHSA-vgm8-r9gm-fw59
TYPO3 Cross-Site Scripting in legacy form component Failing to sanitize content from editors, the legacy form component is susceptible to Cross-Site Scripting. A valid editor account with access to a form content element is required to exploit this vulnerability.
6.2.18
Affected by 52 other vulnerabilities.
VCID-4phm-hhrx-kkc7
Aliases:
CVE-2016-4056
GHSA-ffcm-vhcw-p32r
TYPO3 Backend component Cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.
6.2.19
Affected by 43 other vulnerabilities.
VCID-5m4k-jd3r-abaf
Aliases:
GHSA-gj48-w74w-8gvm
GMS-2024-342
Path Traversal in TYPO3 Core Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.
6.2.29
Affected by 10 other vulnerabilities.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-67n6-jmg3-qycv
Aliases:
2015-12-15-5
Cross-site Scripting Cross-Site Scripting in TYPO3 component Indexed Search.
6.2.16
Affected by 60 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
VCID-6bne-vnc6-wfe9
Aliases:
2016-07-19-5
Cross-site Scripting Cross-Site Scripting vulnerability in typolinks.
6.2.26
Affected by 20 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.10
Affected by 56 other vulnerabilities.
8.2.1
Affected by 100 other vulnerabilities.
VCID-7hxf-mt3r-6bag
Aliases:
2015-07-01-6
Cross-site Scripting Cross-Site Scripting in 3rd party library Flowplayer.
6.2.14
Affected by 83 other vulnerabilities.
7.3.0
Affected by 53 other vulnerabilities.
VCID-7rqj-m3xh-5uam
Aliases:
2015-09-08-1
Information Exposure Frontend: Unauthenticated Path Disclosure.
6.2.15
Affected by 79 other vulnerabilities.
7.3.0
Affected by 53 other vulnerabilities.
VCID-8a25-9af4-tyhk
Aliases:
GHSA-xvcp-33rc-j8gq
Insecure Unserialize in TYPO3 Import/Export Failing to properly validate incoming import data, the Import/Export component is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.
6.2.26
Affected by 20 other vulnerabilities.
7.6.10
Affected by 56 other vulnerabilities.
8.2.1
Affected by 100 other vulnerabilities.
VCID-8fkz-6kqu-gqbk
Aliases:
TYPO3-CORE-SA-2016-024
Path Traversal Due to a too loose type check in an API method, attackers could bypass the directory traversal check by providing an invalid UTF-8 encoding sequence.
6.2.29
Affected by 10 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-8jv7-9a74-q3ee
Aliases:
2016-04-12-1
Cross-site Scripting Cross-Site Scripting in TYPO3 Backend.
6.2.20
Affected by 35 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.5
Affected by 73 other vulnerabilities.
8.0.1
Affected by 115 other vulnerabilities.
VCID-8mc9-ye3u-c3aj
Aliases:
CVE-2019-19849
GHSA-rcgc-4xfc-564v
TYPO3 Insecure Deserialization in Query Generator & Query View An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges.
8.7.30
Affected by 16 other vulnerabilities.
9.5.12
Affected by 27 other vulnerabilities.
10.2.1
Affected by 41 other vulnerabilities.
10.2.2
Affected by 41 other vulnerabilities.
VCID-8wyj-vv9y-jbhp
Aliases:
GHSA-8j9v-4hhh-x43c
Cross-Site Scripting (XSS) in TYPO3 component CSS styled content Failing to properly encode user input, the CSS styled content component is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.
6.2.19
Affected by 43 other vulnerabilities.
7.6.4
Affected by 79 other vulnerabilities.
VCID-9eny-v4h6-6bhb
Aliases:
CVE-2015-8756
GHSA-xx7m-8rq2-cw2v
TYPO3 CMS indexed search Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors.
6.2.16
Affected by 60 other vulnerabilities.
VCID-a7q1-gy13-nyb5
Aliases:
GHSA-qrxh-46mr-pr7q
TYPO3 is susceptible to Cross-Site Flashing The flashplayer misses to validate flash and image files. Therefore it is possible to embed flash videos from external domains.
6.2.16
Affected by 60 other vulnerabilities.
VCID-a8wf-nz2q-s3gh
Aliases:
GHSA-gwfx-p7mr-f92v
Missing Access Check in TYPO3 CMS Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.
6.2.25
Affected by 32 other vulnerabilities.
7.6.8
Affected by 70 other vulnerabilities.
8.1.1
Affected by 112 other vulnerabilities.
VCID-aepn-e5gq-kygg
Aliases:
TYPO3-CORE-SA-2015-014
Cross-Site Flashing The flashplayer misses to validate flash and image files. Therefore it is possible to embed flash videos from external domains.
6.2.16
Affected by 60 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
VCID-af14-5ttt-t7ac
Aliases:
TYPO3-CORE-SA-2015-011
Multiple Cross-Site Scripting vulnerabilities in backend Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.
6.2.16
Affected by 60 other vulnerabilities.
7.6.1
Affected by 87 other vulnerabilities.
VCID-aujs-m8j8-guh1
Aliases:
2016-05-24-1
Improper Access Control Missing Access Check in TYPO3 CMS.
6.2.25
Affected by 32 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.8
Affected by 70 other vulnerabilities.
8.1.1
Affected by 112 other vulnerabilities.
VCID-axg7-qg5u-kbg7
Aliases:
GHSA-86r8-4g3w-7xjp
Cross-Site Scripting in TYPO3 Backend Failing to properly encode user input, some backend components are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability.
6.2.26
Affected by 20 other vulnerabilities.
7.6.10
Affected by 56 other vulnerabilities.
8.2.1
Affected by 100 other vulnerabilities.
VCID-b8j6-xu3r-budh
Aliases:
2016-02-16-3
Cross-site Scripting Cross-Site Scripting in legacy form component.
6.2.18
Affected by 52 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
VCID-bd6u-nca5-gyeu
Aliases:
GHSA-hq37-rfjc-mr8h
Cross-Site Scripting (XSS) in TYPO3 Backend Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.
6.2.27
Affected by 16 other vulnerabilities.
7.6.11
Affected by 52 other vulnerabilities.
8.3.1
Affected by 98 other vulnerabilities.
VCID-bfg8-yh9h-5kce
Aliases:
2016-02-23-4
Uncontrolled Resource Consumption Denial of Service attack possibility in TYPO3 component Indexed Search.
6.2.19
Affected by 43 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.4
Affected by 79 other vulnerabilities.
VCID-c9g4-gcfy-8ug4
Aliases:
2015-12-15-3
Cross-site Scripting Multiple Cross-Site Scripting vulnerabilities in frontend.
6.2.16
Affected by 60 other vulnerabilities.
7.6.1
Affected by 87 other vulnerabilities.
VCID-cdkv-3rbf-27ed
Aliases:
2016-07-19-4
Information Disclosure in TYPO3 Backend.
6.2.26
Affected by 20 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.10
Affected by 56 other vulnerabilities.
8.2.1
Affected by 100 other vulnerabilities.
VCID-cnqq-fdxb-9uat
Aliases:
GHSA-c7rj-92xr-wprg
Insecure Unserialize in TYPO3 Backend Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.
6.2.29
Affected by 10 other vulnerabilities.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-cwsm-v895-nqc7
Aliases:
CVE-2015-5956
GHSA-989h-wv8x-933p
TYPO3 cross-site scripting (XSS) The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before 7.4.0, 4.5.40, and earlier allows remote authenticated users to bypass the XSS filter and conduct cross-site scripting (XSS) attacks via a base64 encoded data URI, as demonstrated by the (1) returnUrl parameter to show_rechis.php and the (2) redirect_url parameter to index.php.
6.2.15
Affected by 79 other vulnerabilities.
7.4.0
Affected by 44 other vulnerabilities.
VCID-d2qd-qjn9-jffs
Aliases:
2016-07-19-1
Cross-site Scripting Cross-Site Scripting in TYPO3 Backend.
6.2.26
Affected by 20 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.10
Affected by 56 other vulnerabilities.
8.2.1
Affected by 100 other vulnerabilities.
VCID-d381-rcq3-n3az
Aliases:
GHSA-vpr3-rc99-2wpr
Information Disclosure in TYPO3 Backend The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend usernames.
6.2.26
Affected by 20 other vulnerabilities.
7.6.10
Affected by 56 other vulnerabilities.
8.2.1
Affected by 100 other vulnerabilities.
VCID-d42j-347n-e7en
Aliases:
CVE-2021-21338
GHSA-4jhw-2p6j-5wmp
Open Redirection in Login Handling ### Problem It has been discovered that Login Handling is susceptible to open redirection which allows attackers redirecting to arbitrary content, and conducting phishing attacks. No authentication is required in order to exploit this vulnerability. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Alexander Kellner who reported this issue and to TYPO3 security team member Torben Hansen who fixed the issue. ### References * [TYPO3-CORE-SA-2021-001](https://typo3.org/security/advisory/typo3-core-sa-2021-001)
6.2.57
Affected by 0 other vulnerabilities.
7.6.51
Affected by 1 other vulnerability.
8.7.40
Affected by 3 other vulnerabilities.
9.5.25
Affected by 12 other vulnerabilities.
10.4.14
Affected by 22 other vulnerabilities.
11.1.1
Affected by 23 other vulnerabilities.
VCID-dkr9-d6n6-puf5
Aliases:
TYPO3-CORE-SA-2015-013
Multiple Cross-Site Scripting vulnerabilities in frontend Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.
6.2.16
Affected by 60 other vulnerabilities.
7.6.1
Affected by 87 other vulnerabilities.
VCID-dm6k-fzm6-sqbe
Aliases:
GHSA-p5c5-gmj4-g48f
Cross-Site Scripting (XSS) vulnerability in typolinks All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert data commands by using the url scheme "data:".
6.2.26
Affected by 20 other vulnerabilities.
7.6.10
Affected by 56 other vulnerabilities.
8.2.1
Affected by 100 other vulnerabilities.
VCID-dwrf-me8a-z7fa
Aliases:
2015-07-01-1
Improper Access Control Access bypass when editing file metadata.
6.2.14
Affected by 83 other vulnerabilities.
7.3.0
Affected by 53 other vulnerabilities.
VCID-e5ns-2x1v-sbaj
Aliases:
TYPO3-CORE-SA-2016-023
Insecure Unserialize in TYPO3 Backend Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.
6.2.29
Affected by 10 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-ej97-kcp8-hffu
Aliases:
2016-02-23-2
Cross-site Scripting Cross-Site Scripting in TYPO3 component Backend.
6.2.19
Affected by 43 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
VCID-f6sb-d831-u3fh
Aliases:
TYPO3-CORE-SA-2016-021
Failing to properly encode user input, the page module is vulnerable to Cross-Site Scripting. A valid backend user account with permissions to edit plugins is needed to exploit this vulnerability.
6.2.27
Affected by 16 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.11
Affected by 52 other vulnerabilities.
8.0.0
Affected by 122 other vulnerabilities.
8.3.1
Affected by 98 other vulnerabilities.
VCID-fehf-p36x-wfha
Aliases:
2016-04-12-2
Information Exposure Arbitrary File Disclosure in Form Component.
6.2.20
Affected by 35 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
VCID-fsfv-ytty-pqbs
Aliases:
CVE-2015-8760
GHSA-3f58-74qw-ph75
TYPO3 allows remote attackers to embed Flash videos from external domain The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."
6.2.16
Affected by 60 other vulnerabilities.
VCID-gb7f-4sm6-tkaw
Aliases:
2016-09-14-2
Uncontrolled Resource Consumption Cache Flooding in TYPO3 Frontend.
6.2.27
Affected by 16 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.11
Affected by 52 other vulnerabilities.
8.3.0
Affected by 102 other vulnerabilities.
VCID-hbzu-v4jk-hyhd
Aliases:
2016-02-23-1
Improper Restriction of XML External Entity Reference XML External Entity (XXE) Processing in TYPO3 Core.
6.2.19
Affected by 43 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.4
Affected by 79 other vulnerabilities.
VCID-heyp-4b45-v7gp
Aliases:
2016-11-22-1
Insecure Deserialization Insecure Unserialize in TYPO3 Backend.
6.2.29
Affected by 10 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-hg6g-kn76-bfbh
Aliases:
CVE-2019-19848
GHSA-77p4-wfr8-977w
TYPO3 Directory Traversal on ZIP extraction An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
8.7.30
Affected by 16 other vulnerabilities.
9.5.12
Affected by 27 other vulnerabilities.
10.2.2
Affected by 41 other vulnerabilities.
VCID-htsn-wq8h-qbgp
Aliases:
2017-01-03-1
Code Injection Remote Code Execution in third party library swiftmailer.
6.2.30
Affected by 8 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.15
Affected by 45 other vulnerabilities.
8.5.0
Affected by 95 other vulnerabilities.
VCID-j1nq-26xv-yff3
Aliases:
GHSA-j86x-pjmr-9m6w
SQL Injection in TYPO3 Frontend Login Failing to properly escape user input, the frontend login component is vulnerable to SQL Injection. A valid frontend user account is needed to exploit this vulnerability.
6.2.26
Affected by 20 other vulnerabilities.
7.6.10
Affected by 56 other vulnerabilities.
VCID-jtuy-ex79-tfbu
Aliases:
CVE-2018-6905
GHSA-3w22-wrwx-2r75
Typo3 XSS Vulnerability The page module in TYPO3 before 8.7.11 has XSS via `$GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename']`, as demonstrated by an admin entering a crafted site name during the installation process.
8.7.11
Affected by 76 other vulnerabilities.
9.1.0
Affected by 92 other vulnerabilities.
9.2.0
Affected by 92 other vulnerabilities.
VCID-jyxd-d6ce-7qd9
Aliases:
GHSA-r287-hc8j-w56h
TYPO3 Information Disclosure Vulnerability Exploitable by Editors It has been discovered, that editors with access to the file list module could list all files names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account is needed to exploit this vulnerability.
6.2.14
Affected by 83 other vulnerabilities.
7.3.1
Affected by 47 other vulnerabilities.
VCID-k7zv-e4ez-dbaz
Aliases:
GHSA-5cxf-xx9j-54jc
Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend Failing to properly encode user input, several backend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML or JavaScript.
6.2.16
Affected by 60 other vulnerabilities.
7.6.1
Affected by 87 other vulnerabilities.
VCID-k8yx-gezq-7fd6
Aliases:
GHSA-6xh8-8pfv-53vx
Authentication Bypass in TYPO3 CMS The default authentication service misses to invalidate empty strings as password. Therefore it is possible to authenticate backend and frontend users without password set in the database. Note: TYPO3 does not allow to create user accounts without a password. Your TYPO3 installation might only be affected if there is a third party component creating user accounts without password by directly manipulating the database.
6.2.20
Affected by 35 other vulnerabilities.
7.6.5
Affected by 73 other vulnerabilities.
8.0.1
Affected by 115 other vulnerabilities.
VCID-kh9n-kuvd-pbat
Aliases:
CVE-2022-23501
GHSA-jfp7-79g7-89rf
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login ### Problem Restricting frontend login to specific users, organized in different storage folders (partitions), can be bypassed. A potential attacker might use this ambiguity in usernames to get access to a different account - however, credentials must be known to the adversary. ### Solution Update to TYPO3 versions 8.7.49 ELTS, 9.5.38 ELTS, 10.4.33, 11.5.20, 12.1.1 that fix the problem described above. ### References * [TYPO3-CORE-SA-2022-013](https://typo3.org/security/advisory/typo3-core-sa-2022-013)
10.4.33
Affected by 1 other vulnerability.
11.5.20
Affected by 1 other vulnerability.
12.1.1
Affected by 1 other vulnerability.
VCID-kjj6-m1r1-uufb
Aliases:
2015-12-15-4
Cross-site Scripting TYPO3 is susceptible to Cross-Site Flashing.
6.2.16
Affected by 60 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
VCID-kktc-18fc-cuar
Aliases:
GHSA-pqfv-97hj-g97g
TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation.
6.2.15
Affected by 79 other vulnerabilities.
7.4.0
Affected by 44 other vulnerabilities.
VCID-krcw-y6kx-37br
Aliases:
2016-02-23-3
Cross-site Scripting Cross-Site Scripting in TYPO3 component CSS styled content.
6.2.19
Affected by 43 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.4
Affected by 79 other vulnerabilities.
VCID-ksgk-se77-67at
Aliases:
GHSA-5j86-5xvg-7q93
TYPO3 Cross-Site Scripting (XSS) in form component Failing to sanitize content from unauthenticated website visitors, the form component is susceptible to Cross-Site Scripting.
6.2.18
Affected by 52 other vulnerabilities.
VCID-ky6n-ka2n-ayhu
Aliases:
TYPO3-CORE-SA-2016-022
Cache Flooding in Frontend Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack.
6.2.27
Affected by 16 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.11
Affected by 52 other vulnerabilities.
8.0.0
Affected by 122 other vulnerabilities.
8.3.1
Affected by 98 other vulnerabilities.
VCID-m3gb-henf-4uga
Aliases:
2016-07-19-3
SQL Injection in TYPO3 Frontend Login.
6.2.26
Affected by 20 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.10
Affected by 56 other vulnerabilities.
8.0.0
Affected by 122 other vulnerabilities.
VCID-m57g-8gch-7ydt
Aliases:
GHSA-9895-53fc-98v2
TYPO3 SQL Injection in dbal A flaw in the database escaping API results in a SQL injection vulnerability when extension dbal is enabled and configured for MySQL passthrough mode in its extension configuration. All queries which use the DatabaseConnection::sql_query are vulnerable, even if arguments were properly escaped with DatabaseConnection::quoteStr beforehand.
6.2.18
Affected by 52 other vulnerabilities.
VCID-maa6-4fkn-pqhz
Aliases:
GHSA-jqr8-q455-xx45
TYPO3 Brute Force Protection Bypass in backend login The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause however could be bypassed by forging a special request, making brute force attacks on backend editor credentials more feasible.
6.2.14
Affected by 83 other vulnerabilities.
7.3.1
Affected by 47 other vulnerabilities.
VCID-mc77-ed2h-13dy
Aliases:
GHSA-cg4m-qjjp-7497
TYPO3 Cross-Site Scripting in link validator component Failing to sanitize content from editors, the link validator component is susceptible to Cross-Site Scripting. A valid editor account with access to content which is scanned by the link validator component is required to exploit this vulnerability.
6.2.18
Affected by 52 other vulnerabilities.
7.6.3
Affected by 85 other vulnerabilities.
VCID-n14c-7g17-qudk
Aliases:
GHSA-r9vc-jfmh-6j48
TYPO3 frontend login vulnerable to Session Fixation It has been discovered that TYPO3 is susceptible to session fixation. If a user authenticates while anonymous session data is present, the session id is not changed. This makes it possible for attackers to generate a valid session id, trick users into using this session id (e.g. by leveraging a different Cross-Site Scripting vulnerability) and then maybe getting access to an authenticated session.
6.2.14
Affected by 83 other vulnerabilities.
7.3.1
Affected by 47 other vulnerabilities.
VCID-nnxd-zjsh-wqbp
Aliases:
GHSA-wp8j-c736-c5r3
TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors It has been discovered that link tags generated by typolink functionality in the website's frontend are vulnerable to cross-site scripting - values being assigned to HTML attributes have not been parsed correctly. A valid backend user account is needed to exploit this vulnerability. As second and separate vulnerability in the filelist module of the backend user interface has been referenced with this advisory as well. Error messages being shown after using a malicious name for renaming a file are not propery encoded, thus vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability.
6.2.14
Affected by 83 other vulnerabilities.
7.3.1
Affected by 47 other vulnerabilities.
VCID-psu6-y6fc-nqh4
Aliases:
2016-07-19-2
Deserialization of Untrusted Data Insecure Unserialize in TYPO3 Import/Export.
6.2.26
Affected by 20 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.10
Affected by 56 other vulnerabilities.
8.2.1
Affected by 100 other vulnerabilities.
VCID-pyn2-c81e-2bbg
Aliases:
2016-02-16-1
SQL Injection in dbal.
6.2.18
Affected by 52 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
VCID-rf5y-9xhy-ckhk
Aliases:
2015-07-01-5
Improper Restriction of Excessive Authentication Attempts Brute Force Protection Bypass in backend login.
6.2.14
Affected by 83 other vulnerabilities.
7.3.0
Affected by 53 other vulnerabilities.
VCID-rnen-s5y6-8yg1
Aliases:
CVE-2015-8759
GHSA-j5v7-9xr5-m7gx
TYPO3 Cross-site Scripting vulnerability Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field.
6.2.16
Affected by 60 other vulnerabilities.
7.6.1
Affected by 87 other vulnerabilities.
VCID-rtd6-q7tg-ykfh
Aliases:
CVE-2020-26227
GHSA-vqqx-jw6p-q3rf
Cross-Site Scripting in Fluid view helpers > ### Meta > * CVSS: `CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:F/RL:O/RC:C` (5.7) > * CWE-79 ### Problem It has been discovered that system extension Fluid (`typo3/cms-fluid`) of the TYPO3 core is vulnerable to cross-site scripting passing user-controlled data as argument to Fluid view helpers. ``` <f:form ... fieldNamePrefix="{payload}" /> <f:be.labels.csh ... label="{payload}" /> <f:be.menus.actionMenu ... label="{payload}" /> ``` ### Solution Update to TYPO3 versions 9.5.23 or 10.4.10 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 security team members Helmut Hummel & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2020-010](https://typo3.org/security/advisory/typo3-core-sa-2020-010)
7.0.0
Affected by 64 other vulnerabilities.
8.0.0
Affected by 122 other vulnerabilities.
8.7.38
Affected by 0 other vulnerabilities.
9.5.23
Affected by 18 other vulnerabilities.
10.4.10
Affected by 30 other vulnerabilities.
VCID-t352-87cy-4qhm
Aliases:
GHSA-pw2q-qwvj-gh43
Cache Flooding in TYPO3 Frontend Links with a valid cHash argument lead to newly generated page cache entries. Because the cHash is not bound to a specific page, attackers could use valid cHash arguments for multiple pages, leading to additional useless page cache entries. Depending on the number of pages in the system and the number of available valid links with a cHash, attackers could add a considerable amount of additional cache entries, which in the end exceed storage limits and thus could lead to the system not responding any more. This means the Cache Flooding attack potentially could lead to a successful Denial of Service (DoS) attack.
6.2.27
Affected by 16 other vulnerabilities.
7.6.11
Affected by 52 other vulnerabilities.
8.3.1
Affected by 98 other vulnerabilities.
VCID-t7fe-ph2m-j3e5
Aliases:
2016-09-14-1
Cross-site Scripting XSS in TYPO3 Backend.
6.2.27
Affected by 16 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.11
Affected by 52 other vulnerabilities.
8.3.0
Affected by 102 other vulnerabilities.
VCID-u4n4-rh2y-8ycg
Aliases:
GHSA-6fc6-cj2j-h22x
TYPO3 Multiple Cross-Site Scripting vulnerabilities in frontend Failing to properly encode editor input, several frontend components are susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.
6.2.16
Affected by 60 other vulnerabilities.
7.6.1
Affected by 87 other vulnerabilities.
VCID-ue38-abs9-ffa8
Aliases:
2016-02-16-2
Cross-site Scripting Cross-Site Scripting in link validator component.
6.2.18
Affected by 52 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.3
Affected by 85 other vulnerabilities.
VCID-urhg-ftwf-pubr
Aliases:
2015-07-01-2
Frontend login Session Fixation.
6.2.14
Affected by 83 other vulnerabilities.
7.3.0
Affected by 53 other vulnerabilities.
VCID-v83x-2hx7-yycg
Aliases:
CVE-2021-21339
GHSA-qx3w-4864-94ch
Cleartext storage of session identifier ### Problem User session identifiers were stored in cleartext - without processing of additional cryptographic hashing algorithms. This vulnerability cannot be exploited directly and occurs in combination with a chained attack - like for instance SQL injection in any other component of the system. ### Solution Update to TYPO3 versions 6.2.57, 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 security team member Oliver Hader who reported this issue and to TYPO3 core & security team members Benni Mack & Oliver Hader who fixed the issue. ### References * [TYPO3-CORE-SA-2021-006](https://typo3.org/security/advisory/typo3-core-sa-2021-006)
6.2.57
Affected by 0 other vulnerabilities.
7.6.51
Affected by 1 other vulnerability.
8.7.40
Affected by 3 other vulnerabilities.
9.5.25
Affected by 12 other vulnerabilities.
10.4.14
Affected by 22 other vulnerabilities.
11.1.1
Affected by 23 other vulnerabilities.
VCID-vasc-x3hz-nqha
Aliases:
GHSA-wh8q-72cp-p5wf
Cross-Site Scripting in TYPO3 component Indexed Search Failing to properly encode editor input, the search result view of indexed_search is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.
6.2.16
Affected by 60 other vulnerabilities.
VCID-vujd-b56y-8kfk
Aliases:
GHSA-v5jp-4h2p-j2p4
Privilege Escalation in TYPO3 CMS The workspace/ version preview link created by a privileged (backend) user could be abused to obtain certain editing permission, if the admin panel is configured to be shown. A valid preview link is required to exploit this vulnerability.
6.2.20
Affected by 35 other vulnerabilities.
7.6.5
Affected by 73 other vulnerabilities.
8.0.1
Affected by 115 other vulnerabilities.
VCID-w5s9-wjpe-bkc1
Aliases:
CVE-2013-7341
GHSA-j6c3-3c4w-qv8p
Moodle cross-site scripting (XSS) vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
6.2.14
Affected by 83 other vulnerabilities.
7.3.1
Affected by 47 other vulnerabilities.
VCID-wdd1-cu7d-zydp
Aliases:
TYPO3-CORE-SA-2015-015
Cross-Site Scripting in Indexed Search Failing to properly encode editor input, the search result view of indexed_search is susceptible to Cross-Site Scripting, allowing authenticated editors to inject arbitrary HTML.
6.2.16
Affected by 60 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
VCID-wvzh-uxhw-g3d5
Aliases:
2015-07-01-3
Cross-site Scripting Cross-Site Scripting exploitable by Editors.
6.2.14
Affected by 83 other vulnerabilities.
7.3.0
Affected by 53 other vulnerabilities.
VCID-x5wu-b995-xkcm
Aliases:
2016-04-12-3
Improper Authentication Authentication Bypass in TYPO3 CMS.
6.2.20
Affected by 35 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.5
Affected by 73 other vulnerabilities.
8.0.1
Affected by 115 other vulnerabilities.
VCID-xh3z-5w6z-ducr
Aliases:
GHSA-pmxp-7224-h794
Denial of Service (DoS) attack possibility in TYPO3 component Indexed Search Due to an oversized maximum result limit, TYPO3 component Indexed Search is susceptible to a Denial of Service attack.
6.2.19
Affected by 43 other vulnerabilities.
7.6.4
Affected by 79 other vulnerabilities.
VCID-xztw-e2f8-3qf3
Aliases:
2016-02-16-4
Cross-site Scripting Cross-Site Scripting in form component.
6.2.18
Affected by 52 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
VCID-y15u-f9e9-akff
Aliases:
2016-11-22-2
Path Traversal in TYPO3 Core.
6.2.29
Affected by 10 other vulnerabilities.
7.0.0
Affected by 64 other vulnerabilities.
7.6.13
Affected by 46 other vulnerabilities.
8.4.1
Affected by 92 other vulnerabilities.
VCID-y8va-79qc-97cc
Aliases:
GHSA-75mx-chcf-2q32
TYPO3 Cross-Site Scripting vulnerability in typolinks All link fields within the TYPO3 installation are vulnerable to Cross-Site Scripting as authorized editors can insert javascript commands by using the url scheme `javascript:`.
6.2.16
Affected by 60 other vulnerabilities.
7.6.1
Affected by 87 other vulnerabilities.
VCID-y93e-ckjh-wqea
Aliases:
2015-07-01-4
Information Disclosure possibility exploitable by Editors.
6.2.14
Affected by 83 other vulnerabilities.
7.3.0
Affected by 53 other vulnerabilities.
VCID-ype3-tase-wue6
Aliases:
GMS-2015-25
Unauthenticated Path Disclosure It has been discovered, that calling a PHP script which is delivered with TYPO3 for testing purposes, discloses the absolute server path to the TYPO3 installation.
6.2.15
Affected by 79 other vulnerabilities.
7.4.0
Affected by 44 other vulnerabilities.
VCID-yq8z-3ahh-1kbj
Aliases:
GHSA-4r76-xr68-w7m7
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts It has been discovered, that editors with access to file meta data table could change, create or delete metadata of files which are not within their file mounts.
6.2.14
Affected by 83 other vulnerabilities.
7.3.1
Affected by 47 other vulnerabilities.
VCID-yx78-xb3g-yfan
Aliases:
CVE-2015-8755
GHSA-56f9-5563-m2h7
Typo3 XSS Vulnerability Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors.
6.2.16
Affected by 60 other vulnerabilities.
7.6.1
Affected by 87 other vulnerabilities.
VCID-z5h8-5shq-kbgh
Aliases:
GHSA-wrpf-2x8h-82gr
Typo3 Arbitrary File Disclosure in Form Component Failing to properly validate user input, the form component is susceptible to Arbitrary File Disclosure. A valid backend user account is needed to exploit this vulnerability. Only forms are vulnerable, which contain upload fields.
6.2.20
Affected by 35 other vulnerabilities.
VCID-zrsh-tk2s-2uhm
Aliases:
2015-12-15-1
Cross-site Scripting Multiple Cross-Site Scripting vulnerabilities in TYPO3 backend.
6.2.16
Affected by 60 other vulnerabilities.
7.6.1
Affected by 87 other vulnerabilities.
VCID-zu53-dnd1-h3gu
Aliases:
GHSA-5wx6-xwxf-q8qj
Cross-Site Scripting in TYPO3 Backend Failing to properly encode user input, some backend components are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this vulnerability.
6.2.20
Affected by 35 other vulnerabilities.
7.6.5
Affected by 73 other vulnerabilities.
8.0.1
Affected by 115 other vulnerabilities.
VCID-zzxz-2f13-qyhn
Aliases:
TYPO3-CORE-SA-2016-013
Missing Access Check Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.
6.2.24
Affected by 33 other vulnerabilities.
7.6.8
Affected by 70 other vulnerabilities.
8.1.1
Affected by 112 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T19:07:07.570743+00:00 GitLab Importer Affected by VCID-bd6u-nca5-gyeu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-hq37-rfjc-mr8h.yml 37.0.0
2025-07-03T19:07:07.058262+00:00 GitLab Importer Affected by VCID-t352-87cy-4qhm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-pw2q-qwvj-gh43.yml 37.0.0
2025-07-03T19:07:06.721790+00:00 GitLab Importer Affected by VCID-k8yx-gezq-7fd6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-6xh8-8pfv-53vx.yml 37.0.0
2025-07-03T19:07:06.082496+00:00 GitLab Importer Affected by VCID-j1nq-26xv-yff3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-j86x-pjmr-9m6w.yml 37.0.0
2025-07-03T19:07:04.948763+00:00 GitLab Importer Affected by VCID-dm6k-fzm6-sqbe https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-p5c5-gmj4-g48f.yml 37.0.0
2025-07-03T19:07:04.204982+00:00 GitLab Importer Affected by VCID-d381-rcq3-n3az https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-vpr3-rc99-2wpr.yml 37.0.0
2025-07-03T19:07:03.898419+00:00 GitLab Importer Affected by VCID-cnqq-fdxb-9uat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-c7rj-92xr-wprg.yml 37.0.0
2025-07-03T19:07:02.137882+00:00 GitLab Importer Affected by VCID-vujd-b56y-8kfk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-v5jp-4h2p-j2p4.yml 37.0.0
2025-07-03T19:07:01.236109+00:00 GitLab Importer Affected by VCID-2m7w-zfua-u7b9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-g4pf-3jvq-2gcw.yml 37.0.0
2025-07-03T19:07:00.966675+00:00 GitLab Importer Affected by VCID-a8wf-nz2q-s3gh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-gwfx-p7mr-f92v.yml 37.0.0
2025-07-03T19:06:59.395052+00:00 GitLab Importer Affected by VCID-8a25-9af4-tyhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-xvcp-33rc-j8gq.yml 37.0.0
2025-07-03T19:06:58.339929+00:00 GitLab Importer Affected by VCID-zu53-dnd1-h3gu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-5wx6-xwxf-q8qj.yml 37.0.0
2025-07-03T19:06:55.980736+00:00 GitLab Importer Affected by VCID-axg7-qg5u-kbg7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-86r8-4g3w-7xjp.yml 37.0.0
2025-07-03T19:06:53.638356+00:00 GitLab Importer Affected by VCID-xh3z-5w6z-ducr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-pmxp-7224-h794.yml 37.0.0
2025-07-03T19:06:53.218138+00:00 GitLab Importer Affected by VCID-1u6q-5rdj-abdb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-qffc-gwpp-m2xr.yml 37.0.0
2025-07-03T19:06:51.681936+00:00 GitLab Importer Affected by VCID-z5h8-5shq-kbgh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-wrpf-2x8h-82gr.yml 37.0.0
2025-07-03T19:06:49.829267+00:00 GitLab Importer Affected by VCID-8wyj-vv9y-jbhp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-8j9v-4hhh-x43c.yml 37.0.0
2025-07-03T19:06:49.241753+00:00 GitLab Importer Affected by VCID-18bd-kv2y-jkfw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-3jxq-5xhh-9jr3.yml 37.0.0
2025-07-03T19:06:46.523620+00:00 GitLab Importer Affected by VCID-mc77-ed2h-13dy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-cg4m-qjjp-7497.yml 37.0.0
2025-07-03T19:06:46.281318+00:00 GitLab Importer Affected by VCID-u4n4-rh2y-8ycg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-6fc6-cj2j-h22x.yml 37.0.0
2025-07-03T19:06:46.075702+00:00 GitLab Importer Affected by VCID-m57g-8gch-7ydt https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-9895-53fc-98v2.yml 37.0.0
2025-07-03T19:06:45.428421+00:00 GitLab Importer Affected by VCID-k7zv-e4ez-dbaz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-5cxf-xx9j-54jc.yml 37.0.0
2025-07-03T19:06:45.234404+00:00 GitLab Importer Affected by VCID-4c69-3sss-jfeb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-vgm8-r9gm-fw59.yml 37.0.0
2025-07-03T19:06:45.041959+00:00 GitLab Importer Affected by VCID-a7q1-gy13-nyb5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-qrxh-46mr-pr7q.yml 37.0.0
2025-07-03T19:06:44.845713+00:00 GitLab Importer Affected by VCID-vasc-x3hz-nqha https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-wh8q-72cp-p5wf.yml 37.0.0
2025-07-03T19:06:44.645648+00:00 GitLab Importer Affected by VCID-ksgk-se77-67at https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-5j86-5xvg-7q93.yml 37.0.0
2025-07-03T19:06:24.838844+00:00 GitLab Importer Affected by VCID-yq8z-3ahh-1kbj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-4r76-xr68-w7m7.yml 37.0.0
2025-07-03T19:06:23.198725+00:00 GitLab Importer Affected by VCID-jyxd-d6ce-7qd9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-r287-hc8j-w56h.yml 37.0.0
2025-07-03T19:06:22.986865+00:00 GitLab Importer Affected by VCID-n14c-7g17-qudk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-r9vc-jfmh-6j48.yml 37.0.0
2025-07-03T19:06:22.566644+00:00 GitLab Importer Affected by VCID-y8va-79qc-97cc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-75mx-chcf-2q32.yml 37.0.0
2025-07-03T19:06:22.196320+00:00 GitLab Importer Affected by VCID-maa6-4fkn-pqhz https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-jqr8-q455-xx45.yml 37.0.0
2025-07-03T19:06:21.972104+00:00 GitLab Importer Affected by VCID-nnxd-zjsh-wqbp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-wp8j-c736-c5r3.yml 37.0.0
2025-07-03T19:06:19.386577+00:00 GitLab Importer Affected by VCID-kktc-18fc-cuar https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-pqfv-97hj-g97g.yml 37.0.0
2025-07-03T18:59:55.874487+00:00 GitLab Importer Affected by VCID-5m4k-jd3r-abaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-gj48-w74w-8gvm.yml 37.0.0
2025-07-03T18:59:53.732746+00:00 GitLab Importer Affected by VCID-5m4k-jd3r-abaf https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GMS-2024-342.yml 37.0.0
2025-07-03T18:36:13.616110+00:00 GitLab Importer Affected by VCID-kh9n-kuvd-pbat https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2022-23501.yml 37.0.0
2025-07-03T18:19:52.555390+00:00 GitLab Importer Affected by VCID-9eny-v4h6-6bhb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2015-8756.yml 37.0.0
2025-07-03T18:19:45.571877+00:00 GitLab Importer Affected by VCID-fsfv-ytty-pqbs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2015-8760.yml 37.0.0
2025-07-03T18:19:18.158904+00:00 GitLab Importer Affected by VCID-yx78-xb3g-yfan https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2015-8755.yml 37.0.0
2025-07-03T18:18:48.653761+00:00 GitLab Importer Affected by VCID-rnen-s5y6-8yg1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2015-8759.yml 37.0.0
2025-07-03T18:16:53.734832+00:00 GitLab Importer Affected by VCID-w5s9-wjpe-bkc1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2013-7341.yml 37.0.0
2025-07-03T17:56:43.194339+00:00 GitLab Importer Affected by VCID-d42j-347n-e7en https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-21338.yml 37.0.0
2025-07-03T17:56:25.251822+00:00 GitLab Importer Affected by VCID-v83x-2hx7-yycg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-21339.yml 37.0.0
2025-07-03T17:52:31.137799+00:00 GitLab Importer Affected by VCID-rtd6-q7tg-ykfh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2020-26227.yml 37.0.0
2025-07-03T17:38:19.056442+00:00 GitLab Importer Affected by VCID-2ypz-t2ty-c3e3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2020-8091.yml 37.0.0
2025-07-03T17:37:57.379460+00:00 GitLab Importer Affected by VCID-8mc9-ye3u-c3aj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2019-19849.yml 37.0.0
2025-07-03T17:37:55.922874+00:00 GitLab Importer Affected by VCID-hg6g-kn76-bfbh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2019-19848.yml 37.0.0
2025-07-03T17:23:51.969205+00:00 GitLab Importer Affected by VCID-jtuy-ex79-tfbu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2018-6905.yml 37.0.0
2025-07-03T17:18:20.036090+00:00 GitLab Importer Affected by VCID-4phm-hhrx-kkc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2016-4056.yml 37.0.0
2025-07-03T17:18:15.203005+00:00 GitLab Importer Affected by VCID-htsn-wq8h-qbgp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2017-01-03-1.yml 37.0.0
2025-07-03T17:16:33.248708+00:00 GitLab Importer Affected by VCID-heyp-4b45-v7gp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-11-22-1.yml 37.0.0
2025-07-03T17:16:32.950564+00:00 GitLab Importer Affected by VCID-y15u-f9e9-akff https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-11-22-2.yml 37.0.0
2025-07-03T17:16:32.656399+00:00 GitLab Importer Affected by VCID-8fkz-6kqu-gqbk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-024.yml 37.0.0
2025-07-03T17:16:32.359104+00:00 GitLab Importer Affected by VCID-e5ns-2x1v-sbaj https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-023.yml 37.0.0
2025-07-03T17:16:17.829016+00:00 GitLab Importer Affected by VCID-f6sb-d831-u3fh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-021.yml 37.0.0
2025-07-03T17:16:17.549926+00:00 GitLab Importer Affected by VCID-ky6n-ka2n-ayhu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-022.yml 37.0.0
2025-07-03T17:16:02.202606+00:00 GitLab Importer Affected by VCID-6bne-vnc6-wfe9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-07-19-5.yml 37.0.0
2025-07-03T17:16:01.937545+00:00 GitLab Importer Affected by VCID-d2qd-qjn9-jffs https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-07-19-1.yml 37.0.0
2025-07-03T17:16:01.513809+00:00 GitLab Importer Affected by VCID-m3gb-henf-4uga https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-07-19-3.yml 37.0.0
2025-07-03T17:16:01.269365+00:00 GitLab Importer Affected by VCID-psu6-y6fc-nqh4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-07-19-2.yml 37.0.0
2025-07-03T17:16:01.023016+00:00 GitLab Importer Affected by VCID-cdkv-3rbf-27ed https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-07-19-4.yml 37.0.0
2025-07-03T17:15:58.838302+00:00 GitLab Importer Affected by VCID-gb7f-4sm6-tkaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-09-14-2.yml 37.0.0
2025-07-03T17:15:58.584694+00:00 GitLab Importer Affected by VCID-t7fe-ph2m-j3e5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-09-14-1.yml 37.0.0
2025-07-03T17:14:57.916292+00:00 GitLab Importer Affected by VCID-aujs-m8j8-guh1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-05-24-1.yml 37.0.0
2025-07-03T17:14:57.214093+00:00 GitLab Importer Affected by VCID-zzxz-2f13-qyhn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2016-013.yml 37.0.0
2025-07-03T17:14:31.221496+00:00 GitLab Importer Affected by VCID-8jv7-9a74-q3ee https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-04-12-1.yml 37.0.0
2025-07-03T17:14:31.025059+00:00 GitLab Importer Affected by VCID-fehf-p36x-wfha https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-04-12-2.yml 37.0.0
2025-07-03T17:14:30.314398+00:00 GitLab Importer Affected by VCID-3yjx-zkmc-zkau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-04-12-4.yml 37.0.0
2025-07-03T17:14:28.462176+00:00 GitLab Importer Affected by VCID-x5wu-b995-xkcm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-04-12-3.yml 37.0.0
2025-07-03T17:14:17.182964+00:00 GitLab Importer Affected by VCID-krcw-y6kx-37br https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-02-23-3.yml 37.0.0
2025-07-03T17:14:16.986775+00:00 GitLab Importer Affected by VCID-bfg8-yh9h-5kce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-02-23-4.yml 37.0.0
2025-07-03T17:14:16.804035+00:00 GitLab Importer Affected by VCID-ej97-kcp8-hffu https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-02-23-2.yml 37.0.0
2025-07-03T17:14:16.597660+00:00 GitLab Importer Affected by VCID-hbzu-v4jk-hyhd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-02-23-1.yml 37.0.0
2025-07-03T17:14:15.036731+00:00 GitLab Importer Affected by VCID-pyn2-c81e-2bbg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-02-16-1.yml 37.0.0
2025-07-03T17:14:14.856235+00:00 GitLab Importer Affected by VCID-xztw-e2f8-3qf3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-02-16-4.yml 37.0.0
2025-07-03T17:14:14.142097+00:00 GitLab Importer Affected by VCID-ue38-abs9-ffa8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-02-16-2.yml 37.0.0
2025-07-03T17:14:13.948082+00:00 GitLab Importer Affected by VCID-b8j6-xu3r-budh https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2016-02-16-3.yml 37.0.0
2025-07-03T17:14:01.268446+00:00 GitLab Importer Affected by VCID-zrsh-tk2s-2uhm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-12-15-1.yml 37.0.0
2025-07-03T17:14:01.081246+00:00 GitLab Importer Affected by VCID-kjj6-m1r1-uufb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-12-15-4.yml 37.0.0
2025-07-03T17:14:00.585618+00:00 GitLab Importer Affected by VCID-33h5-eea4-rben https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-12-15-2.yml 37.0.0
2025-07-03T17:14:00.389843+00:00 GitLab Importer Affected by VCID-2k75-zp2r-67da https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2015-012.yml 37.0.0
2025-07-03T17:13:59.919802+00:00 GitLab Importer Affected by VCID-67n6-jmg3-qycv https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-12-15-5.yml 37.0.0
2025-07-03T17:13:57.999523+00:00 GitLab Importer Affected by VCID-af14-5ttt-t7ac https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2015-011.yml 37.0.0
2025-07-03T17:13:57.524806+00:00 GitLab Importer Affected by VCID-dkr9-d6n6-puf5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2015-013.yml 37.0.0
2025-07-03T17:13:56.740808+00:00 GitLab Importer Affected by VCID-c9g4-gcfy-8ug4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-12-15-3.yml 37.0.0
2025-07-03T17:13:56.565282+00:00 GitLab Importer Affected by VCID-aepn-e5gq-kygg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2015-014.yml 37.0.0
2025-07-03T17:13:56.377924+00:00 GitLab Importer Affected by VCID-wdd1-cu7d-zydp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/TYPO3-CORE-SA-2015-015.yml 37.0.0
2025-07-03T17:13:40.736217+00:00 GitLab Importer Affected by VCID-cwsm-v895-nqc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2015-5956.yml 37.0.0
2025-07-03T17:13:38.724010+00:00 GitLab Importer Affected by VCID-7rqj-m3xh-5uam https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-09-08-1.yml 37.0.0
2025-07-03T17:13:38.529074+00:00 GitLab Importer Affected by VCID-ype3-tase-wue6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GMS-2015-25.yml 37.0.0
2025-07-03T17:13:30.991821+00:00 GitLab Importer Affected by VCID-wvzh-uxhw-g3d5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-07-01-3.yml 37.0.0
2025-07-03T17:13:30.807786+00:00 GitLab Importer Affected by VCID-dwrf-me8a-z7fa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-07-01-1.yml 37.0.0
2025-07-03T17:13:30.618578+00:00 GitLab Importer Affected by VCID-7hxf-mt3r-6bag https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-07-01-6.yml 37.0.0
2025-07-03T17:13:30.438357+00:00 GitLab Importer Affected by VCID-rf5y-9xhy-ckhk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-07-01-5.yml 37.0.0
2025-07-03T17:13:30.258812+00:00 GitLab Importer Affected by VCID-urhg-ftwf-pubr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-07-01-2.yml 37.0.0
2025-07-03T17:13:30.061192+00:00 GitLab Importer Affected by VCID-y93e-ckjh-wqea https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2015-07-01-4.yml 37.0.0