Search for packages
| purl | pkg:composer/typo3/cms-backend@9.5.25 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-ekj9-nhu4-93cc | Cross-Site Scripting in Content Preview (CType menu) ### Problem It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. ### Solution Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. ### Credits Thanks to TYPO3 contributor Oliver Bartsch who reported and fixed the issue. ### References * [TYPO3-CORE-SA-2021-008](https://typo3.org/security/advisory/typo3-core-sa-2021-008) |
CVE-2021-21370
GHSA-x7hc-x7fm-f7qh |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-07-03T17:56:57.726076+00:00 | GitLab Importer | Fixing | VCID-ekj9-nhu4-93cc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml | 37.0.0 |
| 2025-07-03T16:51:18.724058+00:00 | GHSA Importer | Fixing | VCID-ekj9-nhu4-93cc | https://github.com/advisories/GHSA-x7hc-x7fm-f7qh | 37.0.0 |
| 2025-07-03T13:56:07.311954+00:00 | GitLab Importer | Fixing | VCID-ekj9-nhu4-93cc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/typo3/cms-backend/CVE-2021-21370.yml | 36.1.3 |
| 2025-07-01T12:19:12.471321+00:00 | GithubOSV Importer | Fixing | VCID-ekj9-nhu4-93cc | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-x7hc-x7fm-f7qh/GHSA-x7hc-x7fm-f7qh.json | 36.1.3 |