Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2022-AVI-549
Vulnerability from certfr_avis
De multiples vulnérabilités ont été découvertes dans TYPO3. Elles permettent à un attaquant de provoquer un contournement de la politique de sécurité, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Typo3 | Typo3 | TYPO3 versions 8.x antérieures à 8.7.47 ELTS | ||
| Typo3 | Typo3 | TYPO3 versions 7.x antérieures à 7.6.57 ELTS | ||
| Typo3 | Typo3 | TYPO3 versions 9.x antérieures à 9.5.35 ELTS | ||
| Typo3 | Typo3 | TYPO3 versions 10.x antérieures à 10.4.29 | ||
| Typo3 | Typo3 | TYPO3 versions 11.x antérieures à 11.5.11 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "TYPO3 versions 8.x ant\u00e9rieures \u00e0 8.7.47 ELTS",
"product": {
"name": "Typo3",
"vendor": {
"name": "Typo3",
"scada": false
}
}
},
{
"description": "TYPO3 versions 7.x ant\u00e9rieures \u00e0 7.6.57 ELTS",
"product": {
"name": "Typo3",
"vendor": {
"name": "Typo3",
"scada": false
}
}
},
{
"description": "TYPO3 versions 9.x ant\u00e9rieures \u00e0 9.5.35 ELTS",
"product": {
"name": "Typo3",
"vendor": {
"name": "Typo3",
"scada": false
}
}
},
{
"description": "TYPO3 versions 10.x ant\u00e9rieures \u00e0 10.4.29",
"product": {
"name": "Typo3",
"vendor": {
"name": "Typo3",
"scada": false
}
}
},
{
"description": "TYPO3 versions 11.x ant\u00e9rieures \u00e0 11.5.11",
"product": {
"name": "Typo3",
"vendor": {
"name": "Typo3",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-31046",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31046"
},
{
"name": "CVE-2022-31050",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31050"
},
{
"name": "CVE-2022-31047",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31047"
},
{
"name": "CVE-2022-31049",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31049"
},
{
"name": "CVE-2022-31048",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-31048"
}
],
"initial_release_date": "2022-06-15T00:00:00",
"last_revision_date": "2022-06-15T00:00:00",
"links": [],
"reference": "CERTFR-2022-AVI-549",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-06-15T00:00:00.000000"
}
],
"risks": [
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3. Elles\npermettent \u00e0 un attaquant de provoquer un contournement de la politique\nde s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une\ninjection de code indirecte \u00e0 distance (XSS).\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TYPO3 GHSA-fh99-4pgr-8j99 du 14 juin 2022",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TYPO3 GHSA-wwjw-r3gj-39fq du 14 juin 2022",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TYPO3 GHSA-h4mx-xv96-2jgm du 14 juin 2022",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TYPO3 GHSA-8gmv-9hwg-w89g du 14 juin 2022",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 TYPO3 GHSA-3r95-23jp-mhvg du 14 juin 2022",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg"
}
]
}
CVE-2022-31050 (GCVE-0-2022-31050)
Vulnerability from cvelistv5
Published
2022-06-14 20:55
Modified
2025-04-23 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-613 - Insufficient Session Expiration
Summary
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.247Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-005"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31050",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:05:13.509386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:15:18.241Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613: Insufficient Session Expiration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T20:55:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-005"
}
],
"source": {
"advisory": "GHSA-wwjw-r3gj-39fq",
"discovery": "UNKNOWN"
},
"title": "Insufficient Session Expiration in TYPO3 Admin Tool",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31050",
"STATE": "PUBLIC",
"TITLE": "Insufficient Session Expiration in TYPO3 Admin Tool"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613: Insufficient Session Expiration"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-wwjw-r3gj-39fq"
},
{
"name": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/592387972912290c135ebecc91768a67f83a3a4d"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-005",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-005"
}
]
},
"source": {
"advisory": "GHSA-wwjw-r3gj-39fq",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31050",
"datePublished": "2022-06-14T20:55:11.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:15:18.241Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31047 (GCVE-0-2022-31047)
Vulnerability from cvelistv5
Published
2022-06-14 20:40
Modified
2025-04-23 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Summary
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31047",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:05:23.839366Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:15:57.041Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.6.57"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532: Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T22:00:16.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"
}
],
"source": {
"advisory": "GHSA-fh99-4pgr-8j99",
"discovery": "UNKNOWN"
},
"title": "Insertion of Sensitive Information into Log File in typo3/cms-core",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31047",
"STATE": "PUBLIC",
"TITLE": "Insertion of Sensitive Information into Log File in typo3/cms-core"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.0.0, \u003c 7.6.57"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-532: Insertion of Sensitive Information into Log File"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-fh99-4pgr-8j99"
},
{
"name": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/c93ea692e7dfef03b7c50fe5437487545bee4d6a"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-002",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-002"
}
]
},
"source": {
"advisory": "GHSA-fh99-4pgr-8j99",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31047",
"datePublished": "2022-06-14T20:40:10.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:15:57.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31046 (GCVE-0-2022-31046)
Vulnerability from cvelistv5
Published
2022-06-14 20:40
Modified
2025-04-23 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Summary
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.293Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-001"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31046",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:05:21.117586Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:15:44.206Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.6.57"
},
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T22:00:32.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-001"
}
],
"source": {
"advisory": "GHSA-8gmv-9hwg-w89g",
"discovery": "UNKNOWN"
},
"title": "Information Disclosure via Export Module in TYPO3 CMS",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31046",
"STATE": "PUBLIC",
"TITLE": "Information Disclosure via Export Module in TYPO3 CMS"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 7.0.0, \u003c 7.6.57"
},
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-8gmv-9hwg-w89g"
},
{
"name": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/7447a3d1283017d2ee08737a7972c720001a93e9"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-001",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-001"
}
]
},
"source": {
"advisory": "GHSA-8gmv-9hwg-w89g",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31046",
"datePublished": "2022-06-14T20:40:22.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:15:44.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31049 (GCVE-0-2022-31049)
Vulnerability from cvelistv5
Published
2022-06-14 20:50
Modified
2025-04-23 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.221Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-004"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31049",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:05:18.598722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:15:37.089Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T20:50:12.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-004"
}
],
"source": {
"advisory": "GHSA-h4mx-xv96-2jgm",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in Frontend Login Mailer",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31049",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Frontend Login Mailer"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-h4mx-xv96-2jgm"
},
{
"name": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/da611775f92102d7602713003f4c79606c8a445d"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-004",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-004"
}
]
},
"source": {
"advisory": "GHSA-h4mx-xv96-2jgm",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31049",
"datePublished": "2022-06-14T20:50:12.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:15:37.089Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31048 (GCVE-0-2022-31048)
Vulnerability from cvelistv5
Published
2022-06-14 20:50
Modified
2025-04-23 18:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem.
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:03:40.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-003"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T14:05:16.141810Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T18:15:28.239Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "typo3",
"vendor": "TYPO3",
"versions": [
{
"status": "affected",
"version": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"status": "affected",
"version": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"status": "affected",
"version": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"status": "affected",
"version": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-14T20:50:18.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-003"
}
],
"source": {
"advisory": "GHSA-3r95-23jp-mhvg",
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting in Form Framework",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31048",
"STATE": "PUBLIC",
"TITLE": "Cross-Site Scripting in Form Framework"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "typo3",
"version": {
"version_data": [
{
"version_value": "\u003e= 8.0.0, \u003c 8.7.47"
},
{
"version_value": "\u003e= 9.0.0, \u003c 9.5.34"
},
{
"version_value": "\u003e= 10.0.0, \u003c 10.4.29"
},
{
"version_value": "\u003e= 11.0.0, \u003c 11.5.11"
}
]
}
}
]
},
"vendor_name": "TYPO3"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg",
"refsource": "CONFIRM",
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-3r95-23jp-mhvg"
},
{
"name": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0",
"refsource": "MISC",
"url": "https://github.com/TYPO3/typo3/commit/6f2554dc4ea0b670fd5599c54fd788d4db96c4a0"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2022-003",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2022-003"
}
]
},
"source": {
"advisory": "GHSA-3r95-23jp-mhvg",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2022-31048",
"datePublished": "2022-06-14T20:50:18.000Z",
"dateReserved": "2022-05-18T00:00:00.000Z",
"dateUpdated": "2025-04-23T18:15:28.239Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…