{"id":"CVE-2021-36787","details":"The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document.","aliases":["GHSA-f3rf-v9qm-9c89"],"modified":"2026-07-09T05:14:12.690540Z","published":"2021-08-13T17:15:16.627Z","references":[{"type":"ADVISORY","url":"https://typo3.org/help/security-advisories/security"},{"type":"FIX","url":"https://typo3.org/security/advisory/typo3-ext-sa-2021-010"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/165675/TYPO3-femanager-6.3.0-Cross-Site-Scripting.html"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2022/Jan/53"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/in2code-de/femanager","events":[{"introduced":"0"},{"fixed":"9d9a03c0240501ff204d0e51a5e2a591e561f40f"},{"introduced":"9a09b57bb3f4b30a8aeafe6da114f81030495bc4"},{"fixed":"942a6496f297a53065f0099d2752e9bfcaf5fc1b"}],"database_specific":{"cpe":"cpe:2.3:a:in2code:femanager:*:*:*:*:*:typo3:*:*","extracted_events":[{"introduced":"0"},{"fixed":"5.5.1"},{"introduced":"6.0.0"},{"fixed":"6.3.1"}],"source":"CPE_RANGE"}}],"versions":["5.5.0","5.4.2","5.4.1","5.4.0","5.3.1","5.3.0","5.2.0","5.1.1","5.1.0","5.0.0","4.2.5","4.2.4","4.2.3","4.2.2","4.2.1","4.2.0","4.1.1","2.6.0","4.1.0","4.0.2","4.0.1","4.0.0","3.3.0","3.2.0","3.1.3","3.1.2","3.1.1","3.1.0","3.0.2","3.0.1","3.0.0","2.5.1","2.5.0","2.4.0","2.3.0","2.2.0","2.1.0","2.0.1","2.0.0","1.5.2","1.5.0","1.5.1","1.4.3","1.4.2","1.4.1","1.4.0","1.2.0","1.0.10","1.0.8","1.0.7","1.0.6","1.0.5","1.0.4","1.0.3","1.0.2","1.0.1","1.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36787.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}