VulnerableCode Package Details - pkg:composer/typo3/cms-backend@9.0.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-buz5-hzv3-97hp Aliases: CVE-2025-59017 GHSA-2fhw-2j7m-mr4m	TYPO3 backend modules have Broken Access Control Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.	12.4.37 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 13.4.18 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-t3jn-vwbx-u7cr Aliases: CVE-2021-21370 GHSA-x7hc-x7fm-f7qh	Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)	9.5.25 Affected by 0 other vulnerabilities. 10.4.14 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.1.1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-buz5-hzv3-97hp
Aliases:
CVE-2025-59017
GHSA-2fhw-2j7m-mr4m

TYPO3 backend modules have Broken Access Control Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.

12.4.37
Affected by 1 other vulnerability.

13.4.18
Affected by 1 other vulnerability.

VCID-t3jn-vwbx-u7cr
Aliases:
CVE-2021-21370
GHSA-x7hc-x7fm-f7qh

Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)

9.5.25
Affected by 0 other vulnerabilities.

10.4.14
Affected by 3 other vulnerabilities.

11.1.1
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T23:40:45.015234+00:00	GitLab Importer	Affected by	VCID-buz5-hzv3-97hp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2025-59017.yml	38.4.0
2026-04-16T21:19:27.252859+00:00	GitLab Importer	Affected by	VCID-t3jn-vwbx-u7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml	38.4.0
2026-04-12T01:01:33.937844+00:00	GitLab Importer	Affected by	VCID-buz5-hzv3-97hp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2025-59017.yml	38.3.0
2026-04-11T22:31:45.749333+00:00	GitLab Importer	Affected by	VCID-t3jn-vwbx-u7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml	38.3.0
2026-04-07T04:58:44.287377+00:00	GHSA Importer	Affected by	VCID-buz5-hzv3-97hp	https://github.com/advisories/GHSA-2fhw-2j7m-mr4m	38.1.0
2026-04-03T01:09:49.257890+00:00	GitLab Importer	Affected by	VCID-buz5-hzv3-97hp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2025-59017.yml	38.1.0
2026-04-02T22:43:06.062102+00:00	GitLab Importer	Affected by	VCID-t3jn-vwbx-u7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml	38.1.0
2026-04-02T16:56:18.717329+00:00	GHSA Importer	Affected by	VCID-t3jn-vwbx-u7cr	https://github.com/advisories/GHSA-x7hc-x7fm-f7qh	38.1.0
2026-04-01T17:00:48.962833+00:00	GitLab Importer	Affected by	VCID-t3jn-vwbx-u7cr	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml	38.0.0