CVE-2021-21370

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-21370
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21370.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-21370
Aliases
Related
Published
2021-03-23T02:15:12.987Z
Modified
2025-12-09T12:01:26.728745Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1 it has been discovered that content elements of type menu are vulnerable to cross-site scripting when their referenced items get previewed in the page module. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 7.6.51, 8.7.40, 9.5.25, 10.4.14, 11.1.1.

References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3
Events
Introduced
c91b70e450c52d29ffb08115fffbb7832b15a330
Fixed
9f8b73eb73f0f9834979641c02708dc168e36eda

Affected versions

v10.*

v10.0.0
v10.1.0
v10.2.0
v10.3.0
v10.4.0
v10.4.1
v10.4.10
v10.4.11
v10.4.12
v10.4.13
v10.4.2
v10.4.3
v10.4.4
v10.4.5
v10.4.6
v10.4.7
v10.4.8
v10.4.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21370.json"

Git / github.com/typo3/typo3.cms

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3.cms
Events
Introduced
41235ff8e38c6f3401df03ae8beddd62d662c525
Fixed
98b19b1727f002a9d20359f7c341c7981086989f

Affected versions

v9.*

v9.0.0
v9.1.0
v9.2.0
v9.3.0
v9.4.0
v9.5.0
v9.5.1
v9.5.10
v9.5.11
v9.5.12
v9.5.13
v9.5.14
v9.5.15
v9.5.16
v9.5.17
v9.5.18
v9.5.19
v9.5.2
v9.5.20
v9.5.21
v9.5.22
v9.5.23
v9.5.24
v9.5.3
v9.5.4
v9.5.5
v9.5.6
v9.5.7
v9.5.8
v9.5.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-21370.json"