Search for packages
Package details: pkg:composer/typo3/cms@8.7.27
purl pkg:composer/typo3/cms@8.7.27
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (10)
Vulnerability Summary Aliases
VCID-3wq5-qkuj-c7ce Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfig_includes is vulnerable to directory traversal leading to same scenarios as having direct access to TSconfig settings. A valid backend user account having access to modify values for fields pages.TSconfig and pages.tsconfig_includes is needed in order to exploit this vulnerability. GHSA-hww5-6x85-mc24
VCID-87g8-zcww-p7bm Typo3 Cross-Site Scripting in Link Handling TYPO3 8.3.0 through 8.7.26 and 9.0.0 through 9.5.7 allows XSS. CVE-2019-12748
GHSA-r6fv-56gp-j3r4
VCID-aj9w-bguk-9yek Insecure Deserialization in TYPO3 CMS. 2019-06-25-5
VCID-bgk1-npak-uuhy Typo3 Security Misconfiguration in Frontend Session Handling It has been discovered session data of properly authenticated and logged in frontend users is kept and transformed into an anonymous user session during the logout process. This way the next user using the same client application gains access to previous session data. GHSA-qr5f-6fcv-w69q
VCID-bvjs-f141-sfc7 Information Disclosure in Backend User Interface. 2019-06-25-1
VCID-snd3-qpkk-8bb5 Typo3 Information Disclosure in Backend User Interface The element information component used to display properties of a certain record is susceptible to information disclosure. The list of references from or to the record is not properly checked for the backend user’s permissions. A valid backend user account is needed in order to exploit this vulnerability. GHSA-q9c4-9v5m-597p
VCID-t7b2-114h-ekaw Cross-site Scripting Cross-Site Scripting in Link Handling. 2019-06-25-2
VCID-tbp9-2rg8-u7bk Code Injection Arbitrary Code Execution and Cross-Site Scripting in Backend API. 2019-06-25-4
VCID-thjz-e86b-n3a7 Typo3 Vulnerable to Insecure Deserialization TYPO3 8.x through 8.7.26 and 9.x through 9.5.7 allows Deserialization of Untrusted Data. CVE-2019-12747
GHSA-86hp-xrhj-fhpq
VCID-u3es-5tz4-ybfc Security Misconfiguration in Frontend Session Handling. 2019-06-25-3

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T13:56:52.055468+00:00 GitLab Importer Fixing VCID-snd3-qpkk-8bb5 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-q9c4-9v5m-597p.yml 36.1.3
2025-07-03T13:56:51.668782+00:00 GitLab Importer Fixing VCID-bgk1-npak-uuhy https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-qr5f-6fcv-w69q.yml 36.1.3
2025-07-03T13:56:51.354777+00:00 GitLab Importer Fixing VCID-3wq5-qkuj-c7ce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/GHSA-hww5-6x85-mc24.yml 36.1.3
2025-07-01T18:11:43.479874+00:00 GitLab Importer Fixing VCID-87g8-zcww-p7bm https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2019-12748.yml 36.1.3
2025-07-01T18:11:43.447342+00:00 GitLab Importer Fixing VCID-thjz-e86b-n3a7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2019-12747.yml 36.1.3
2025-07-01T18:11:42.388460+00:00 GitLab Importer Fixing VCID-aj9w-bguk-9yek https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2019-06-25-5.yml 36.1.3
2025-07-01T18:11:42.296760+00:00 GitLab Importer Fixing VCID-t7b2-114h-ekaw https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2019-06-25-2.yml 36.1.3
2025-07-01T18:11:42.277861+00:00 GitLab Importer Fixing VCID-bvjs-f141-sfc7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2019-06-25-1.yml 36.1.3
2025-07-01T18:11:42.187617+00:00 GitLab Importer Fixing VCID-u3es-5tz4-ybfc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2019-06-25-3.yml 36.1.3
2025-07-01T18:11:42.166374+00:00 GitLab Importer Fixing VCID-tbp9-2rg8-u7bk https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/2019-06-25-4.yml 36.1.3
2025-07-01T14:35:06.432665+00:00 GHSA Importer Fixing VCID-3wq5-qkuj-c7ce https://github.com/advisories/GHSA-hww5-6x85-mc24 36.1.3
2025-07-01T14:35:06.415023+00:00 GHSA Importer Fixing VCID-bgk1-npak-uuhy https://github.com/advisories/GHSA-qr5f-6fcv-w69q 36.1.3
2025-07-01T14:35:06.335610+00:00 GHSA Importer Fixing VCID-snd3-qpkk-8bb5 https://github.com/advisories/GHSA-q9c4-9v5m-597p 36.1.3
2025-07-01T14:32:55.950210+00:00 GHSA Importer Fixing VCID-thjz-e86b-n3a7 https://github.com/advisories/GHSA-86hp-xrhj-fhpq 36.1.3
2025-07-01T14:32:55.871888+00:00 GHSA Importer Fixing VCID-87g8-zcww-p7bm https://github.com/advisories/GHSA-r6fv-56gp-j3r4 36.1.3
2025-07-01T12:30:19.392016+00:00 GithubOSV Importer Fixing VCID-87g8-zcww-p7bm https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r6fv-56gp-j3r4/GHSA-r6fv-56gp-j3r4.json 36.1.3
2025-07-01T12:26:04.387230+00:00 GithubOSV Importer Fixing VCID-thjz-e86b-n3a7 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-86hp-xrhj-fhpq/GHSA-86hp-xrhj-fhpq.json 36.1.3
2025-07-01T12:11:12.043308+00:00 GithubOSV Importer Fixing VCID-3wq5-qkuj-c7ce https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-hww5-6x85-mc24/GHSA-hww5-6x85-mc24.json 36.1.3
2025-07-01T12:10:59.453444+00:00 GithubOSV Importer Fixing VCID-bgk1-npak-uuhy https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-qr5f-6fcv-w69q/GHSA-qr5f-6fcv-w69q.json 36.1.3
2025-07-01T12:10:58.811066+00:00 GithubOSV Importer Fixing VCID-snd3-qpkk-8bb5 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-q9c4-9v5m-597p/GHSA-q9c4-9v5m-597p.json 36.1.3