PatchSiren

Typo3 CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Typo3 CVE published 2017-01-23

CVE-2016-5091

CVE-2016-5091 affects TYPO3 Extbase and is rated high severity by NVD. The issue can let a remote attacker obtain sensitive information or possibly execute arbitrary code through a crafted Extbase action. The source set shows the vendor and mailing-list references in May 2016, while the CVE record itself was published on 2017-01-23, so a fix was available roughly eight months before the CVE identifier became visible in NVD-driven feeds; inventories keyed on CVE publication date would have lagged the vendor advisory by that much.

MEDIUM Typo3 CVE published 2017-01-23

CVE-2016-4056

CVE-2016-4056 is a cross-site scripting issue in the TYPO3 Backend component. The vulnerability affects TYPO3 6.2.x before 6.2.19 and can let a remote attacker inject arbitrary web script or HTML via the module parameter when creating a bookmark. Because the attack requires user interaction, the main risk is malicious script executing in an authenticated backend user's browser session, with that user's privileges, rather than direct server compromise.
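The bug class behind this entry, a query parameter reflected into backend markup without encoding, is illustrated below in Python as an added example. It is not TYPO3 code (TYPO3 is written in PHP) and does not reproduce the actual vulnerable code path; the bookmark URL, the path, and the markup layout are constructed for the illustration. What it shows is the difference between interpolating the raw `module` value, HTML-encoding it on output, and additionally rejecting values that are not plausible module identifiers.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed request in the shape the debrief describes: a bookmark-creation
# URL carrying an XSS payload in the "module" parameter. The host, path and
# parameter layout are assumptions for this example, not taken from TYPO3.
CONSTRUCTED_URL = (
    "https://example.invalid/typo3/bookmark?"
    "module=web_list%22%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E"
)

# Module identifiers in this example are restricted to a conservative
# character set; real applications should derive the rule from the values
# they actually issue.
MODULE_NAME = re.compile(r"[A-Za-z0-9_]+")


def module_from_url(url: str) -> str:
    """Return the URL-decoded 'module' query parameter, or '' if absent."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("module", [""])[0]


def render_bookmark_vulnerable(module: str) -> str:
    """The bug class: the parameter is dropped straight into attribute and
    text context, so a double quote followed by '>' ends the tag."""
    return f'<a href="index.php?M={module}" data-module="{module}">{module}</a>'


def render_bookmark_escaped(module: str) -> str:
    """Output encoding only: quotes and angle brackets become entities, so the
    payload is displayed as text instead of parsed as markup."""
    safe = html.escape(module, quote=True)
    return f'<a href="index.php?M={safe}" data-module="{safe}">{safe}</a>'


def is_valid_module_name(module: str) -> bool:
    """Input validation: accept only values that look like a module key."""
    return MODULE_NAME.fullmatch(module) is not None


def render_bookmark_hardened(module: str) -> str:
    """Defence in depth: validate first, then still encode on output, so a
    later relaxation of the validation rule does not reintroduce the XSS."""
    if not is_valid_module_name(module):
        raise ValueError("invalid module identifier")
    return render_bookmark_escaped(module)


def contains_markup_breakout(rendered: str) -> bool:
    """Crude indicator used only to compare the renderers above."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    payload = module_from_url(CONSTRUCTED_URL)
    print("raw parameter:  ", payload)
    print("vulnerable:     ", render_bookmark_vulnerable(payload))
    print("escaped:        ", render_bookmark_escaped(payload))
    print("valid module?   ", is_valid_module_name(payload))
    print("hardened(ok):   ", render_bookmark_hardened("web_list"))
```

Output encoding alone is sufficient to neutralise the constructed payload; the validation step is there because module names are structured identifiers and a narrow allow-list catches malformed input before it reaches any rendering code at all.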