Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/typo3/cms@8.7.40
purl pkg:composer/typo3/cms@8.7.40
Tags Ghost
Next non-vulnerable version 10.4.35
Latest non-vulnerable version 12.2.0
Risk 3.1
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-ekfd-wp8z-d7e1
Aliases:
CVE-2021-32669
GHSA-rgcg-28xm-8mmw
Cross-site Scripting TYPO3 is an open source PHP based web content management system. have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 contain a patch for this vulnerability.
9.5.28
Affected by 10 other vulnerabilities.
10.4.18
Affected by 18 other vulnerabilities.
11.3.1
Affected by 20 other vulnerabilities.
VCID-n15v-ta9h-6ffb
Aliases:
CVE-2021-32767
GHSA-34fr-fhqr-7235
Inclusion of Sensitive Information in Log Files TYPO3 is an open source PHP based web content management system. User credentials may been logged as plain-text. This occurs when explicitly using log level debug, which is not the default configuration. TYPO3 contain a patch for this vulnerability.
9.5.28
Affected by 10 other vulnerabilities.
10.4.18
Affected by 18 other vulnerabilities.
11.3.1
Affected by 20 other vulnerabilities.
VCID-s64f-x81f-b7ce
Aliases:
CVE-2021-32668
GHSA-6mh3-j5r5-2379
Cross-site Scripting TYPO3 contains a cross-site scripting vulnerability. When error messages are not properly encoded, the components `_QueryGenerator_` and `_QueryView_` are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 contain a patch for this issue.
9.5.28
Affected by 10 other vulnerabilities.
10.4.18
Affected by 18 other vulnerabilities.
11.3.1
Affected by 20 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-02T12:38:06.118402+00:00 GitLab Importer Fixing VCID-5jgb-dsyx-hyb4 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-21338.yml 38.0.0
2026-04-02T12:38:05.577467+00:00 GitLab Importer Fixing VCID-he5m-6wj4-rbhc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-21357.yml 38.0.0
2026-04-02T12:38:05.152506+00:00 GitLab Importer Fixing VCID-t3jn-vwbx-u7cr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-21370.yml 38.0.0
2026-04-02T12:38:05.041057+00:00 GitLab Importer Fixing VCID-dsu7-jjjq-f3e1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-21339.yml 38.0.0
2026-04-02T12:38:04.844824+00:00 GitLab Importer Fixing VCID-xh7y-56vy-5ud8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-21355.yml 38.0.0
2026-04-01T12:48:36.361639+00:00 GitLab Importer Affected by VCID-ekfd-wp8z-d7e1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-32669.yml 38.0.0
2026-04-01T12:48:36.319230+00:00 GitLab Importer Affected by VCID-s64f-x81f-b7ce https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-32668.yml 38.0.0
2026-04-01T12:48:36.059785+00:00 GitLab Importer Affected by VCID-n15v-ta9h-6ffb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms/CVE-2021-32767.yml 38.0.0