Search for packages
| purl | pkg:composer/typo3/cms-backend@9.3.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-t3jn-vwbx-u7cr
Aliases: CVE-2021-21370 GHSA-x7hc-x7fm-f7qh |
Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008) |
Affected by 0 other vulnerabilities. Affected by 3 other vulnerabilities. Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T21:19:27.265460+00:00 | GitLab Importer | Affected by | VCID-t3jn-vwbx-u7cr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml | 38.4.0 |
| 2026-04-11T22:31:45.763358+00:00 | GitLab Importer | Affected by | VCID-t3jn-vwbx-u7cr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml | 38.3.0 |
| 2026-04-02T22:43:06.075407+00:00 | GitLab Importer | Affected by | VCID-t3jn-vwbx-u7cr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml | 38.1.0 |
| 2026-04-01T17:00:48.981146+00:00 | GitLab Importer | Affected by | VCID-t3jn-vwbx-u7cr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml | 38.0.0 |