Search for vulnerabilities
Vulnerability details: VCID-18bd-kv2y-jkfw
Vulnerability ID VCID-18bd-kv2y-jkfw
Aliases GHSA-3jxq-5xhh-9jr3
Summary Cross-Site Scripting (XSS) in TYPO3 component Backend Failing to properly encode incoming data, the bookmark toolbar is susceptible to Cross-Site Scripting.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (2)
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-3jxq-5xhh-9jr3
generic_textual MODERATE https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-02-23-2.yaml
generic_textual MODERATE https://github.com/TYPO3/typo3
generic_textual MODERATE https://typo3.org/security/advisory/typo3-core-sa-2016-006
Reference id Reference type URL
https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-02-23-2.yaml
https://github.com/TYPO3/typo3
https://typo3.org/security/advisory/typo3-core-sa-2016-006
GHSA-3jxq-5xhh-9jr3 https://github.com/advisories/GHSA-3jxq-5xhh-9jr3
No exploits are available.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2025-07-01T12:11:10.583604+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-3jxq-5xhh-9jr3/GHSA-3jxq-5xhh-9jr3.json 36.1.3