5.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-30083

GHSA ID

GHSA-rrh3-cgmx-w62f

EPSS Score

CWE

CWE-79

Published

3/19/2025

Updated

3/19/2025

KEV Status

Technology

PHP

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-30083

CVE-2025-30083: Additional TCA Allows Cross-Site Scripting (XSS)

A cross-site scripting (XSS) vulnerability has been discovered in the Additional TCA extension. This vulnerabily is exploitable by a logged in backend user utilizing the TYPO3 backend user interface. This user can create output in the HTML context by exploiting improperly encoded user input. Updates 1.15.17 and 1.16.9 are available for download.

(GitHub Advisory)

5.1

CVSS Score

3.1

Basic Information

CVE ID

CVE-2025-30083

GHSA ID

GHSA-rrh3-cgmx-w62f

EPSS Score

CWE

CWE-79

Published

3/19/2025

Updated

3/19/2025

KEV Status

Technology

PHP

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
codingms/additional-tca	composer	>= 1.16.0, < 1.16.9	1.16.9
codingms/additional-tca	composer	>= 1.7.0, < 1.15.17	1.15.17

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

* *ross-sit* s*riptin* (XSS) vuln*r**ility **s ***n *is*ov*r** in t** ***ition*l T** *xt*nsion. T*is vuln*r**ily is *xploit**l* *y * lo**** in ***k*n* us*r utilizin* t** TYPO* ***k*n* us*r int*r****. T*is us*r **n *r**t* output in t** *TML *ont*xt *y

Reasoning

No *n*lysis *v*il**l*

5.1

Basic Information

Concerned about an active attack path?

CVE-2025-30083: Additional TCA Allows Cross-Site Scripting (XSS)

5.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI