HIGH8.8CVE-2010-3663TYPO3 Arbitrary Code Execution vulnerability on the backend from 0, < 4.1.14
HIGH8.8CVE-2010-3662TYPO3 SQL injection vulnerability on the backend from 0, < 4.1.14
HIGH7.5CVE-2026-6553TYPO3 CMS Stores Cleartext Password in User Settings Module >= 14.2.0, < 14.3.0
HIGH7.2The TYPO3 CMS Backend has Broken Authentication in Backend MFA
>= 12.0.0, < 12.4.31
MEDIUM6.5TYPO3 is vulnerable to Information Disclosure on the backend
from 0, < 4.1.14
MEDIUM6.1TYPO3 Open Redirection vulnerability on the backend
from 0, < 4.1.14
MEDIUM5.4TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms
>= 4.1.0, < 4.1.14
MEDIUM5.4TYPO3 is vulnerable to Cross-Site Scripting (XSS) on the backend
from 0, < 4.1.14
MEDIUM5.4Cross-Site Scripting in Content Preview (CType menu)
>= 7.0.0, < 7.6.51
MEDIUM5.4Cross-Site Scripting in Content Preview
>= 10.0.0, < 10.4.14
LOW3.1Information Disclosure in TYPO3 Page Tree
>= 13.0.0, < 13.3.1
LOW2.7Denial of Service in TYPO3 Bookmark Toolbar
>= 13.0.0, < 13.3.1
—TYPO3 CMS has Broken Access Control in Backend API
from 0, < 10.4.57
—TYPO3 CMS: Broken Access Control in Media Module
from 0, < 10.4.57
—TYPO3 CMS Allows Broken Access Control in Edit Document Controller
>= 14.0.0, < 14.0.2
—TYPO3 backend modules have Broken Access Control
>= 9.0.0, < 12.4.37
—TYPO3 CSV download feature information disclosure
>= 12.0.0, < 12.4.37
—TYPO3 Bookmark Toolbar vulnerable to denial of service
>= 11.0.0, < 12.4.37
—TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend
>= 4.2.0, < 4.2.15
—TYPO3 Cross-site Scripting vulnerability in the file backend module
>= 4.2.2, < 4.2.3
—TYPO3 Backend vulnerable to Frame Hijacking
from 0, <= 4.0.13
—TYPO3 Backend vulnerable to Cross-site Scripting
from 0, <= 4.0.13
—TYPO3 Backend Command Injection via Shell Metacharacters in Uploaded File Name
from 0, <= 4.0.13
—TYPO3 Backend Discloses Encryption Key
from 0, <= 4.0.13