Package impact

Packagist / typo3/cms-backend

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2026-6553	high	7.5	7.5	1mo ago	TYPO3 CMS Stores Cleartext Password in User Settings Module
CVE-2010-3659	medium	5.4	5.4	9y ago	TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms
CVE-2010-3715	medium	—	4.3	16y ago	TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend
CVE-2025-59020	unknown	—	—	4mo ago	TYPO3 CMS Allows Broken Access Control in Edit Document Controller
CVE-2025-59019	unknown	—	—	9mo ago	TYPO3 CSV download feature information disclosure
CVE-2025-59017	unknown	—	—	9mo ago	TYPO3 backend modules have Broken Access Control
CVE-2025-59014	unknown	—	—	9mo ago	TYPO3 Bookmark Toolbar vulnerable to denial of service
CVE-2025-47941	unknown	—	—	1y ago	The TYPO3 CMS Backend has Broken Authentication in Backend MFA
CVE-2024-34537	unknown	—	—	2y ago	Denial of Service in TYPO3 Bookmark Toolbar
CVE-2024-47780	unknown	—	—	2y ago	Information Disclosure in TYPO3 Page Tree
CVE-2008-5644	unknown	—	—	4y ago	TYPO3 Cross-site Scripting vulnerability in the file backend module
CVE-2009-3630	unknown	—	—	4y ago	TYPO3 Backend vulnerable to Frame Hijacking
CVE-2009-3631	unknown	—	—	4y ago	TYPO3 Backend Command Injection via Shell Metacharacters in Uploaded File Name
CVE-2009-3629	unknown	—	—	4y ago	TYPO3 Backend vulnerable to Cross-site Scripting
CVE-2009-3628	unknown	—	—	4y ago	TYPO3 Backend Discloses Encryption Key
CVE-2010-3664	unknown	—	—	4y ago	TYPO3 is vulnerable to Information Disclosure on the backend
CVE-2010-3663	unknown	—	—	4y ago	TYPO3 Arbitrary Code Execution vulnerability on the backend
CVE-2010-3662	unknown	—	—	4y ago	TYPO3 SQL injection vulnerability on the backend
CVE-2010-3661	unknown	—	—	4y ago	TYPO3 Open Redirection vulnerability on the backend
CVE-2010-3660	unknown	—	—	4y ago	TYPO3 is vulnerable to Cross-Site Scripting (XSS) on the backend
CVE-2021-21370	unknown	—	—	5y ago	Cross-Site Scripting in Content Preview (CType menu)
CVE-2021-21340	unknown	—	—	5y ago	Cross-Site Scripting in Content Preview