VulnerableCode Package Details - pkg:composer/typo3/cms-backend@8.0.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:composer/typo3/cms-backend@8.0.0

Essentials
History (2)

purl	pkg:composer/typo3/cms-backend@8.0.0
Tags	Ghost

Next non-vulnerable version	9.5.25
Latest non-vulnerable version	14.0.2
Risk	3.1

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-t3jn-vwbx-u7cr Aliases: CVE-2021-21370 GHSA-x7hc-x7fm-f7qh	Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)	8.7.40 Affected by 0 other vulnerabilities. 9.5.25 Affected by 0 other vulnerabilities. 10.4.14 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-t3jn-vwbx-u7cr
Aliases:
CVE-2021-21370
GHSA-x7hc-x7fm-f7qh

Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)

8.7.40
Affected by 0 other vulnerabilities.

9.5.25
Affected by 0 other vulnerabilities.

10.4.14
Affected by 3 other vulnerabilities.

11.1.1
Affected by 3 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T16:56:18.873670+00:00	GHSA Importer	Affected by	VCID-t3jn-vwbx-u7cr	https://github.com/advisories/GHSA-x7hc-x7fm-f7qh	38.1.0
2026-04-02T12:38:07.211732+00:00	GitLab Importer	Affected by	VCID-t3jn-vwbx-u7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml	38.0.0