VulnerableCode Package Details - pkg:composer/typo3/cms-backend@10.4.11

Search for packages

Package details: pkg:composer/typo3/cms-backend@10.4.11

Essentials
History (4)

purl	pkg:composer/typo3/cms-backend@10.4.11

Next non-vulnerable version	11.5.40
Latest non-vulnerable version	11.5.40
Risk

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-bccy-q51m-b3gy Aliases: CVE-2024-34537 GHSA-ffcv-v6pw-qhrp	Denial of Service in TYPO3 Bookmark Toolbar ### Problem Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account. ### Solution Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. ### Credits Thanks to Hendrik Eichner who reported this issue and to TYPO3 core & security team members Oliver Hader and Benjamin Franzke who fixed the issue. ### References * [TYPO3-CORE-SA-2024-011](https://typo3.org/security/advisory/typo3-core-sa-2024-001)	10.4.46 Affected by 0 other vulnerabilities. 11.5.40 Affected by 0 other vulnerabilities. 12.4.21 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 13.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-efax-e17q-jud4 Aliases: CVE-2021-21340 GHSA-fjh3-g8gq-9q92	Cross-Site Scripting in Content Preview ### Problem It has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to Richie Lee who reported this issue and to TYPO3 framework merger Andreas Fernandez who fixed the issue. ### References * [TYPO3-CORE-SA-2021-007](https://typo3.org/security/advisory/typo3-core-sa-2021-007)	10.4.14 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.1.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ekj9-nhu4-93cc Aliases: CVE-2021-21370 GHSA-x7hc-x7fm-f7qh	Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)	10.4.14 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 11.1.1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-nqe1-b3zv-pufk Aliases: CVE-2024-47780 GHSA-rf5m-h8q9-9w6q	Information Disclosure in TYPO3 Page Tree ### Problem Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. ### Solution Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the problem described. ### Credits Thanks to Peter Schuler who reported this issue and to TYPO3 core & security team member Oliver Hader who fixed the issue.	10.4.46 Affected by 0 other vulnerabilities. 11.5.40 Affected by 0 other vulnerabilities. 12.4.21 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 13.3.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-07-03T19:13:04.104928+00:00	GitLab Importer	Affected by	VCID-bccy-q51m-b3gy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2024-34537.yml	37.0.0
2025-07-03T19:13:03.275997+00:00	GitLab Importer	Affected by	VCID-nqe1-b3zv-pufk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2024-47780.yml	37.0.0
2025-07-03T17:56:57.769202+00:00	GitLab Importer	Affected by	VCID-ekj9-nhu4-93cc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml	37.0.0
2025-07-03T17:56:54.275745+00:00	GitLab Importer	Affected by	VCID-efax-e17q-jud4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21340.yml	37.0.0