Typo3/cms-backend
This hub aggregates every CVE we track for Typo3/cms-backend, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 21
- Critical: 0
- High: 5
- In CISA KEV: 0
Severity distribution
MEDIUM: 13, HIGH: 5, LOW: 3
Monthly trend (chart covering 2024-07 to 2026-06)
Latest CVEs
The 15 most recently published vulnerabilities affecting Typo3/cms-backend.
- CVE-2025-59020: TYPO3 CMS Allows Broken Access Control in Edit Document Controller (6.5)
- CVE-2025-59019: Information Disclosure via CSV Download (4.3)
- CVE-2025-59017: Broken Access Control in Backend AJAX Routes (8.8)
- CVE-2025-59014: Denial of Service in TYPO3 Bookmark Toolbar (2.7)
- CVE-2025-47941: TYPO3 Has Broken Authentication in Backend MFA (7.2)
- CVE-2024-34537: TYPO3 before 13.3.1 allows denial of service (interface error) in the Bookmark Toolbar (ext:backend), exploitable by an administrator-level backend user account via manipulated data saved in the bo... (4.9)
- CVE-2024-47780: Information Disclosure in TYPO3 Page Tree (3.1)
- CVE-2021-21370: Cross-Site Scripting in Content Preview (CType menu) (5.4)
- CVE-2021-21340: Cross-Site Scripting in Content Preview (5.4)
- CVE-2010-3664: TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend. (6.5)
- CVE-2010-3663: TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute ... (8.8)
- CVE-2010-3662: TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend. (8.8)
- CVE-2010-3661: TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend. (6.1)
- CVE-2010-3660: TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend. (5.4)
- CVE-2010-3659: Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inj... (5.4)
Product normalization is registry-driven with AI assist and human review.