typo3/cms-backend vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the typo3/cms-backend package. This does not include vulnerabilities belonging to this package’s dependencies.

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Vulnerability	Vulnerable Version
M Missing Authorization	>=12.0.0, <12.4.37>=13.0.0, <13.4.18
M Uncaught Exception	>=11.3.0, <12.4.37>=13.0.0, <13.4.18
M Missing Authorization	<12.4.37>=13.0.0, <13.4.18
H Authentication Bypass Using an Alternate Path or Channel	>=12.0.0, <12.4.31>=13.0.0, <13.4.12
M Denial of Service (DoS)	>=10.0.0, <10.4.46>=11.0.0, <11.5.40>=12.0.0, <12.4.21>=13.0.0, <13.3.1
L Incorrect Authorization	<11.5.40>=12.0.0, <12.4.21>=13.0.0, <13.3.1
M Storing Passwords in a Recoverable Format	<11.5.35>=12.0.0, <12.4.11>=13.0.0, <13.0.1
M Exposure of Sensitive Information to an Unauthorized Actor	<11.5.35>=12.0.0, <12.4.11>=13.0.0, <13.0.1
M Operation on a Resource after Expiration or Release	<10.4.32>=11.0.0, <11.5.16
M Cross-site Scripting (XSS)	>=11.0.0, <11.3.1>=10.0.0, <10.4.18>=9.0.0, <9.5.28>=8.0.0, <8.7.41
L Cross-site Scripting (XSS)	>=11.0.0, <11.1.1>=10.0.0, <10.4.14<9.5.25
M Cross-site Scripting (XSS)	>=11.0.0, <11.1.1>=10.0.0, <10.4.14