VulnerableCode Package Details - pkg:composer/typo3/cms-backend@10.4.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/typo3/cms-backend@10.4.1

Essentials
History (17)

purl	pkg:composer/typo3/cms-backend@10.4.1

Next non-vulnerable version	12.4.41
Latest non-vulnerable version	14.0.2
Risk	3.1

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-716n-jhj7-ebhh Aliases: CVE-2024-47780 GHSA-rf5m-h8q9-9w6q	Information Disclosure in TYPO3 Page Tree ### Problem Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. ### Solution Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. ### Credits Thanks to Peter Schuler who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.	10.4.46 Affected by 0 other vulnerabilities. 11.5.40 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 12.4.21 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 13.3.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-a89c-jvwa-6kh5 Aliases: CVE-2021-21340 GHSA-fjh3-g8gq-9q92	Cross-Site Scripting in Content Preview ### Problem It has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Richie Lee who reported this issue and to TYPO3 framework merger Andreas Fernandez who fixed the issue. ### References * [TYPO3-CORE-SA-2021-007](https://typo3.org/security/advisory/typo3-core-sa-2021-007)	10.4.14 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-t3jn-vwbx-u7cr Aliases: CVE-2021-21370 GHSA-x7hc-x7fm-f7qh	Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)	10.4.14 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-uvfp-uq3t-6ffg Aliases: CVE-2025-59020 GHSA-5j7q-wmh7-cqhg	TYPO3 CMS Allows Broken Access Control in Edit Document Controller ### Problem By exploiting the `defVals` parameter, attackers could bypass field‑level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced set of fields. ### Solution Update to TYPO3 versions 10.4.55 ELTS, 11.5.49 ELTS, 12.4.41 LTS, 13.4.23 LTS, 14.0.2 that fix the problem described. ### Credits Thanks to Daniel Windloff for reporting this issue, and to TYPO3 core & security team member Benjamin Franzke for fixing it. ### References * [TYPO3-CORE-SA-2026-001](https://typo3.org/security/advisory/typo3-core-sa-2026-001)	10.4.55 Affected by 0 other vulnerabilities. 11.5.49 Affected by 0 other vulnerabilities. 12.4.41 Affected by 0 other vulnerabilities. 13.4.23 Affected by 0 other vulnerabilities. 14.0.2 Affected by 0 other vulnerabilities.
VCID-ymvw-ev1y-8fa3 Aliases: CVE-2024-34537 GHSA-ffcv-v6pw-qhrp	Denial of Service in TYPO3 Bookmark Toolbar ### Problem Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account. ### Solution Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. ### Credits Thanks to Hendrik Eichner who reported this issue and to TYPO3 core & security team members Oliver Hader and Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2024-011](https://typo3.org/security/advisory/typo3-core-sa-2024-001)	10.4.46 Affected by 0 other vulnerabilities. 11.5.40 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 12.4.21 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 13.3.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-17T00:08:21.368730+00:00	GitLab Importer	Affected by	VCID-uvfp-uq3t-6ffg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2025-59020.yml	38.4.0
2026-04-16T23:10:36.953395+00:00	GitLab Importer	Affected by	VCID-ymvw-ev1y-8fa3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2024-34537.yml	38.4.0
2026-04-16T23:10:35.791343+00:00	GitLab Importer	Affected by	VCID-716n-jhj7-ebhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2024-47780.yml	38.4.0
2026-04-16T21:19:27.397558+00:00	GitLab Importer	Affected by	VCID-t3jn-vwbx-u7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml	38.4.0
2026-04-16T21:19:25.556713+00:00	GitLab Importer	Affected by	VCID-a89c-jvwa-6kh5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21340.yml	38.4.0
2026-04-12T01:31:53.165709+00:00	GitLab Importer	Affected by	VCID-uvfp-uq3t-6ffg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2025-59020.yml	38.3.0
2026-04-12T00:28:55.316826+00:00	GitLab Importer	Affected by	VCID-ymvw-ev1y-8fa3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2024-34537.yml	38.3.0
2026-04-12T00:28:54.308263+00:00	GitLab Importer	Affected by	VCID-716n-jhj7-ebhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2024-47780.yml	38.3.0
2026-04-11T22:31:45.911961+00:00	GitLab Importer	Affected by	VCID-t3jn-vwbx-u7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml	38.3.0
2026-04-11T22:31:43.912665+00:00	GitLab Importer	Affected by	VCID-a89c-jvwa-6kh5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21340.yml	38.3.0
2026-04-03T01:40:50.463819+00:00	GitLab Importer	Affected by	VCID-uvfp-uq3t-6ffg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2025-59020.yml	38.1.0
2026-04-03T00:36:41.190183+00:00	GitLab Importer	Affected by	VCID-ymvw-ev1y-8fa3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2024-34537.yml	38.1.0
2026-04-03T00:36:40.155155+00:00	GitLab Importer	Affected by	VCID-716n-jhj7-ebhh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2024-47780.yml	38.1.0
2026-04-02T22:43:06.208043+00:00	GitLab Importer	Affected by	VCID-t3jn-vwbx-u7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml	38.1.0
2026-04-02T22:43:04.325478+00:00	GitLab Importer	Affected by	VCID-a89c-jvwa-6kh5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21340.yml	38.1.0
2026-04-01T17:00:49.158324+00:00	GitLab Importer	Affected by	VCID-t3jn-vwbx-u7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml	38.0.0
2026-04-01T17:00:46.891662+00:00	GitLab Importer	Affected by	VCID-a89c-jvwa-6kh5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21340.yml	38.0.0