5.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-30083

GHSA ID

GHSA-rrh3-cgmx-w62f

EPSS Score

CWE

CWE-79

Published

3/19/2025

Updated

3/19/2025

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-30083

CVE-2025-30083: Additional TCA Allows Cross-Site Scripting (XSS)

A cross-site scripting (XSS) vulnerability has been discovered in the Additional TCA extension. This vulnerabily is exploitable by a logged in backend user utilizing the TYPO3 backend user interface. This user can create output in the HTML context by exploiting improperly encoded user input. Updates 1.15.17 and 1.16.9 are available for download.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-30083

CVE-2025-30083:

5.1

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2025-30083

GHSA ID

GHSA-rrh3-cgmx-w62f

EPSS Score

CWE

CWE-79

Published

3/19/2025

Updated

3/19/2025

KEV Status

Technology

PHP

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
codingms/additional-tca	composer	>= 1.16.0, < 1.16.9	1.16.9
codingms/additional-tca	composer	>= 1.7.0, < 1.15.17	1.15.17

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

5.1

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-30083: Additional TCA Allows Cross-Site Scripting (XSS)

CVE-2025-30083:

5.1

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

5.1

5.1

Basic Information

Basic Information

Technical Details

CVE-2025-30083: Additional TCA Allows Cross-Site Scripting (XSS)

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI