Search for vulnerabilities
Vulnerability details: VCID-8tx1-99cc-tfcc
Vulnerability ID VCID-8tx1-99cc-tfcc
Aliases CVE-2013-7073
GHSA-4rpv-g4gq-rh4m
Summary TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-264 Permissions, Privileges, and Access Controls
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 6.5 http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
cvssv3.1 6.5 http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
cvssv3.1 6.5 http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2013-7073
epss 0.00275 https://api.first.org/data/v1/epss?cve=CVE-2013-7073
cvssv3.1 6.5 http://seclists.org/oss-sec/2013/q4/473
generic_textual MODERATE http://seclists.org/oss-sec/2013/q4/473
cvssv3.1 6.5 http://seclists.org/oss-sec/2013/q4/487
generic_textual MODERATE http://seclists.org/oss-sec/2013/q4/487
cvssv3.1 6.5 https://github.com/TYPO3/typo3
generic_textual MODERATE https://github.com/TYPO3/typo3
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2013-7073
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-7073
cvssv3.1 6.5 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
generic_textual MODERATE http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
cvssv3.1 6.5 http://www.debian.org/security/2014/dsa-2834
generic_textual MODERATE http://www.debian.org/security/2014/dsa-2834
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html
https://api.first.org/data/v1/epss?cve=CVE-2013-7073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7073
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7075
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7076
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7078
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7081
http://seclists.org/oss-sec/2013/q4/473
http://seclists.org/oss-sec/2013/q4/487
https://github.com/TYPO3/typo3
https://nvd.nist.gov/vuln/detail/CVE-2013-7073
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
http://www.debian.org/security/2014/dsa-2834
GHSA-4rpv-g4gq-rh4m https://github.com/advisories/GHSA-4rpv-g4gq-rh4m
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://seclists.org/oss-sec/2013/q4/473
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://seclists.org/oss-sec/2013/q4/487
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/TYPO3/typo3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2013-7073
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at http://www.debian.org/security/2014/dsa-2834
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.50592
EPSS Score 0.00275
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:26:53.219498+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4rpv-g4gq-rh4m/GHSA-4rpv-g4gq-rh4m.json 36.1.3