Typo3 Cms-Backend vulnerabilities

21 known vulnerabilities affecting typo3/cms-backend.

Total CVEs: 21
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4, MEDIUM 14, LOW 3

Vulnerabilities

Page 1 of 2
CVE-2025-59020 [MEDIUM] CWE-863 | Affected: ≥ 14.0.0, < 14.0.2; ≥ 13.0.0, < 13.4.23; +3 more | Published 2026-01-13
TYPO3 CMS Allows Broken Access Control in Edit Document Controller
Problem: By exploiting the `defVals` parameter, attackers could bypass field-level access checks during record creation in the TYPO3 backend. This gave them the ability to insert arbitrary data into prohibited exclude fields of a database table for which the user already has write permission for a reduced set of fields. Solution:
CVE-2025-59017 [MEDIUM] CWE-862 | Affected: ≥ 9.0.0, < 12.4.37; ≥ 10.0.0, < 12.4.37; +3 more | Published 2025-09-09
TYPO3 backend modules have Broken Access Control
Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules.
CVE-2025-59019 [MEDIUM] CWE-200 | Affected: ≥ 12.0.0, < 12.4.37; ≥ 13.0.0, < 13.4.18 | Published 2025-09-09
TYPO3 CSV download feature information disclosure
Missing authorization checks in the CSV download feature of TYPO3 CMS versions 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose information from arbitrary database tables stored within the users' web mounts without having access to them.
CVE-2025-59014 [MEDIUM] CWE-248 | Affected: ≥ 11.0.0, < 12.4.37; ≥ 12.0.0, < 12.4.37; +1 more | Published 2025-09-09
TYPO3 Bookmark Toolbar vulnerable to denial of service
An uncaught exception in the Bookmark Toolbar of TYPO3 CMS versions 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 lets administrator-level backend users trigger a denial-of-service condition in the backend user interface by saving manipulated data in the bookmark toolbar.
CVE-2025-47941 [HIGH] CWE-288 | Affected: ≥ 12.0.0, < 12.4.31; ≥ 13.0.0, < 13.4.12 | Published 2025-05-20
The TYPO3 CMS Backend has Broken Authentication in Backend MFA
Problem: The multifactor authentication (MFA) dialog presented during backend login can be bypassed due to insufficient enforcement of access restrictions on all backend routes. Successful exploitation requires valid backend user credentials, as MFA can only be bypassed after successful authentication. Solution: Update to TYPO3 versi
CVE-2024-47780 [LOW] CWE-863 | Affected: ≥ 13.0.0, < 13.3.1; ≥ 12.0.0, < 12.4.21; +2 more | Published 2024-10-08
Information Disclosure in TYPO3 Page Tree
Problem: Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected users could not manipulate these pages. Solution: Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the
CVE-2024-34537 [LOW] CWE-1286 | Affected: ≥ 13.0.0, < 13.3.1; ≥ 12.0.0, < 12.4.21; +2 more | Published 2024-10-08
Denial of Service in TYPO3 Bookmark Toolbar
Problem: Due to insufficient input validation, manipulated data saved in the bookmark toolbar of the backend user interface causes a general error state, blocking further access to the interface. Exploiting this vulnerability requires an administrator-level backend user account. Solution: Update to TYPO3 versions 10.4.46 ELTS, 11.5.40 LTS, 12.4.21 LTS, 13.3.1 that fix the
CVE-2010-3715 [MEDIUM] CWE-79 | Affected: ≥ 4.2.0, < 4.2.15; ≥ 4.3.0, < 4.3.7; +1 more | Published 2022-05-17
TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the RemoveXSS function, and allow remote authenticated users to inject arbitr
CVE-2008-5644 [MEDIUM] CWE-79 | Affected: ≥ 4.2.2, < 4.2.3 | Published 2022-05-17
TYPO3 Cross-site Scripting vulnerability in the file backend module
Cross-site scripting (XSS) vulnerability in the file backend module in TYPO3 4.2.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2010-3659 [MEDIUM] CWE-79 | Affected: ≥ 4.1.0, < 4.1.14; ≥ 4.2.0, < 4.2.13; +2 more | Published 2022-05-17
TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified parameters to the extension manager, or unspecified par
CVE-2009-3631 [HIGH] CWE-94 | Affected: ≥ 0, ≤ 4.0.13; ≥ 4.1.0, < 4.1.13; +2 more | Published 2022-05-02
TYPO3 Backend Command Injection via Shell Metacharacters in Uploaded File Name
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2, when the DAM extension or ftp upload is enabled, allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
CVE-2009-3630 [MEDIUM] | Affected: ≥ 0, ≤ 4.0.13; ≥ 4.1.0, < 4.1.13; +2 more | Published 2022-05-02
TYPO3 Backend vulnerable to Frame Hijacking
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue.
CVE-2009-3628 [MEDIUM] CWE-200 | Affected: ≥ 0, ≤ 4.0.13; ≥ 4.1.0, < 4.1.13; +2 more | Published 2022-05-02
TYPO3 Backend Discloses Encryption Key
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to determine an encryption key via crafted input to a tt_content form element.
CVE-2009-3629 [LOW] CWE-79 | Affected: ≥ 0, ≤ 4.0.13; ≥ 4.1.0, < 4.1.13; +2 more | Published 2022-05-02
TYPO3 Backend vulnerable to Cross-site Scripting
Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-3663 [HIGH] CWE-434 | Affected: ≥ 0, < 4.1.14; ≥ 4.2, < 4.2.13; +2 more | Published 2022-04-21
TYPO3 Arbitrary Code Execution vulnerability on the backend
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
CVE-2010-3662 [HIGH] CWE-89 | Affected: ≥ 0, < 4.1.14; ≥ 4.2.0, < 4.2.13; +2 more | Published 2022-04-21
TYPO3 SQL injection vulnerability on the backend
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
CVE-2010-3661 [MEDIUM] CWE-601 | Affected: ≥ 0, < 4.1.14; ≥ 4.2.0, < 4.2.13; +2 more | Published 2022-04-21
TYPO3 Open Redirection vulnerability on the backend
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Open Redirection on the backend.
CVE-2010-3660 [MEDIUM] CWE-79 | Affected: ≥ 0, < 4.1.14; ≥ 4.2.0, < 4.2.13; +2 more | Published 2022-04-21
TYPO3 is vulnerable to Cross-Site Scripting (XSS) on the backend
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows XSS on the backend.
CVE-2010-3664 [MEDIUM] CWE-200 | Affected: ≥ 0, < 4.1.14; ≥ 4.2.0, < 4.2.13; +2 more | Published 2022-04-21
TYPO3 is vulnerable to Information Disclosure on the backend
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Information Disclosure on the backend.
CVE-2021-21370 [MEDIUM] CWE-79 | Affected: ≥ 7.0.0, < 7.6.51; ≥ 8.0.0, < 8.7.40; +3 more | Published 2021-03-23
Cross-Site Scripting in Content Preview (CType menu)
Problem: It has been discovered that content elements of type _menu_ are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. Solution: Update to TYPO3 versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 that fix the problem described. Credits:
Typo3 Cms-Backend vulnerabilities | cvebase