typo3/cms-backend Security Advisories (16)
- [LOW] Denial of Service in TYPO3 Bookmark Toolbar
  PKSA-9vjc-5m3y-9mrq CVE-2024-34537 GHSA-ffcv-v6pw-qhrp
  Affected version: >=10.0.0,<=10.4.45|>=11.0.0,<=11.5.39|>=12.0.0,<12.4.20|=13.0.0
  Reported by: GitHub
- [LOW] Information Disclosure in TYPO3 Page Tree
  PKSA-4w8t-ddwx-n1z6 CVE-2024-47780 GHSA-rf5m-h8q9-9w6q
  Affected version: >=10.0.0,<10.4.46|>=11.0.0,<11.5.40|>=12.0.0,<12.4.21|>=13.0.0,<13.3.1
  Reported by: GitHub
- [MEDIUM] TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend
  PKSA-ypts-nf6x-sc9n CVE-2010-3715 GHSA-mwqv-jff6-5v62
  Affected version: >=4.4.0,<4.4.4|>=4.3.0,<4.3.7|>=4.2.0,<4.2.15
  Reported by: GitHub
- [MEDIUM] TYPO3 Cross-site Scripting vulnerability in the file backend module
  PKSA-18bs-jt2v-9q3z CVE-2008-5644 GHSA-733v-22mg-7f8w
  Affected version: =4.2.2
  Reported by: GitHub
- [MEDIUM] TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms
  PKSA-qdd3-3rc5-3tx5 CVE-2010-3659 GHSA-jr79-65xr-q7cx
  Affected version: >=4.4.0,<4.4.1|>=4.3.0,<4.3.4|>=4.2.0,<4.2.13|>=4.1.0,<4.1.14
  Reported by: GitHub
- [MEDIUM] TYPO3 Backend Discloses Encryption Key
  PKSA-vv6f-n44y-t8cy CVE-2009-3628 GHSA-2wgg-c8xc-7gg3
  Affected version: >=4.3alpha1,<4.3beta2|>=4.2.0,<4.2.10|>=4.1.0,<4.1.13|<=4.0.13
  Reported by: GitHub
- [LOW] TYPO3 Backend vulnerable to Cross-site Scripting
  PKSA-c538-ny6f-p2pv CVE-2009-3629 GHSA-g857-p997-wx7w
  Affected version: >=4.3alpha1,<4.3beta2|>=4.2.0,<4.2.10|>=4.1.0,<4.1.13|<=4.0.13
  Reported by: GitHub
- [MEDIUM] TYPO3 Backend vulnerable to Frame Hijacking
  PKSA-r321-b6qr-5765 CVE-2009-3630 GHSA-mg66-3x8x-r8g2
  Affected version: >=4.3alpha1,<4.3beta2|>=4.2.0,<4.2.10|>=4.1.0,<4.1.13|<=4.0.13
  Reported by: GitHub
- [HIGH] TYPO3 Backend Command Injection via Shell Metacharacters in Uploaded File Name
  PKSA-3bnf-9x8r-4r22 CVE-2009-3631 GHSA-3cqw-pxgr-jhrm
  Affected version: >=4.3alpha1,<4.3beta2|>=4.2.0,<4.2.10|>=4.1.0,<4.1.13|<=4.0.13
  Reported by: GitHub
- [MEDIUM] TYPO3 is vulnerable to Information Disclosure on the backend
  PKSA-c47t-v87h-d37b CVE-2010-3664 GHSA-8xp9-99h5-4vcg
  Affected version: >=4.4.0,<4.4.1|>=4.3.0,<4.3.4|>=4.2.0,<4.2.13|<4.1.14
  Reported by: GitHub
- [MEDIUM] TYPO3 is vulnerable to Cross-Site Scripting (XSS) on the backend
  PKSA-73gs-whnx-t29w CVE-2010-3660 GHSA-cg45-qgcf-hf9x
  Affected version: >=4.4.0,<4.4.1|>=4.3.0,<4.3.4|>=4.2.0,<4.2.13|<4.1.14
  Reported by: GitHub
- [MEDIUM] TYPO3 Open Redirection vulnerability on the backend
  PKSA-psh3-1wf1-n6vp CVE-2010-3661 GHSA-j628-384g-rmgc
  Affected version: >=4.4.0,<4.4.1|>=4.3.0,<4.3.4|>=4.2.0,<4.2.13|<4.1.14
  Reported by: GitHub
- [HIGH] TYPO3 SQL injection vulnerability on the backend
  PKSA-hfpc-9g5j-tf25 CVE-2010-3662 GHSA-4rvc-5hrh-qmwf
  Affected version: >=4.4.0,<4.4.1|>=4.3.0,<4.3.4|>=4.2.0,<4.2.13|<4.1.14
  Reported by: GitHub
- [HIGH] TYPO3 Arbitrary Code Execution vulnerability on the backend
  PKSA-5fpw-kmny-hhxn CVE-2010-3663 GHSA-wjpc-gjf7-9938
  Affected version: >=4.4,<4.4.1|>=4.3,<4.3.4|>=4.2,<4.2.13|<4.1.14
  Reported by: GitHub
- [MEDIUM] Cross-Site Scripting in Content Preview (CType menu)
  PKSA-t94y-b11s-1rg9 CVE-2021-21370 GHSA-x7hc-x7fm-f7qh
  Affected version: >=11.0.0,<=11.1.0|>=10.0.0,<=10.4.13|>=9.0.0,<=9.5.24|>=8.0.0,<=8.7.39|>=7.0.0,<=7.6.50
  Reported by: GitHub
- [MEDIUM] Cross-Site Scripting in Content Preview
  PKSA-n961-k227-s276 CVE-2021-21340 GHSA-fjh3-g8gq-9q92
  Affected version: >=11.0.0,<=11.1.0|>=10.0.0,<=10.4.13
  Reported by: GitHub