typo3/cms-backend Security Advisories for v9.5.14 (4)
-
[MEDIUM] TYPO3 CMS has Broken Access Control in Backend API
PKSA-gksc-phy8-f181 CVE-2026-47352 GHSA-2j54-93q2-3hjq
Affected version: >=14.0.0,<14.3.3|>=13.0.0,<13.4.31|>=12.0.0,<12.4.46|>=11.0.0,<11.5.51|<10.4.57
Reported by:
GitHub -
[MEDIUM] TYPO3 CMS: Broken Access Control in Media Module
PKSA-4mhm-w6hx-yhcy CVE-2026-47351 GHSA-q93m-25xv-94hh
Affected version: >=14.0.0,<14.3.3|>=13.0.0,<13.4.31|>=12.0.0,<12.4.46|>=11.0.0,<11.5.51|<10.4.57
Reported by:
GitHub -
[MEDIUM] TYPO3 backend modules have Broken Access Control
PKSA-27mn-p368-8rxc CVE-2025-59017 GHSA-2fhw-2j7m-mr4m
Affected version: >=13.0.0,<13.4.18|>=12.0.0,<12.4.37|>=11.0.0,<11.5.48|>=10.0.0,<10.4.54|>=9.0.0,<9.5.55
Reported by:
GitHub -
[MEDIUM] Cross-Site Scripting in Content Preview (CType menu)
PKSA-t94y-b11s-1rg9 CVE-2021-21370 GHSA-x7hc-x7fm-f7qh
Affected version: >=11.0.0,<=11.1.0|>=10.0.0,<=10.4.13|>=9.0.0,<=9.5.24|>=8.0.0,<=8.7.39|>=7.0.0,<=7.6.50
Reported by:
GitHub