✅ Check your installed version
All known vulnerabilities
HIGH8.8CVE-2010-3662TYPO3 SQL injection vulnerability on the backend from 0, < 4.1.14
HIGH8.8CVE-2010-3663TYPO3 Arbitrary Code Execution vulnerability on the backend from 0, < 4.1.14
HIGH7.5CVE-2026-6553TYPO3 CMS Stores Cleartext Password in User Settings Module >= 14.2.0, < 14.3.0
HIGH7.2CVE-2025-47941The TYPO3 CMS Backend has Broken Authentication in Backend MFA >= 12.0.0, < 12.4.31
MEDIUM6.5CVE-2010-3664TYPO3 is vulnerable to Information Disclosure on the backend from 0, < 4.1.14
MEDIUM6.1CVE-2010-3661TYPO3 Open Redirection vulnerability on the backend from 0, < 4.1.14
>= 4.1.0, < 4.1.14
MEDIUM5.4CVE-2010-3660TYPO3 is vulnerable to Cross-Site Scripting (XSS) on the backend from 0, < 4.1.14
MEDIUM5.4CVE-2021-21370Cross-Site Scripting in Content Preview (CType menu) >= 7.0.0, < 7.6.51
>= 10.0.0, < 10.4.14
>= 13.0.0, < 13.3.1
>= 13.0.0, < 13.3.1
—CVE-2025-59020TYPO3 CMS Allows Broken Access Control in Edit Document Controller >= 14.0.0, < 14.0.2
>= 9.0.0, < 12.4.37
>= 12.0.0, < 12.4.37
>= 11.0.0, < 12.4.37
—CVE-2010-3715TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend >= 4.2.0, < 4.2.15
—CVE-2008-5644TYPO3 Cross-site Scripting vulnerability in the file backend module >= 4.2.2, < 4.2.3
from 0, <= 4.0.13
—CVE-2009-3631TYPO3 Backend Command Injection via Shell Metacharacters in Uploaded File Name from 0, <= 4.0.13
from 0, <= 4.0.13
from 0, <= 4.0.13