Search for packages
Package details: pkg:composer/typo3/cms-backend@8.7.30
purl pkg:composer/typo3/cms-backend@8.7.30
Next non-vulnerable version 9.5.25
Latest non-vulnerable version 11.5.40
Risk 3.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-ekj9-nhu4-93cc
Aliases:
CVE-2021-21370
GHSA-x7hc-x7fm-f7qh
Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008)
8.7.40
Affected by 0 other vulnerabilities.
9.5.25
Affected by 0 other vulnerabilities.
10.4.14
Affected by 2 other vulnerabilities.
11.1.1
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T17:56:57.639361+00:00 GitLab Importer Affected by VCID-ekj9-nhu4-93cc https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml 37.0.0