typo3/cms-form

Packagist4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting typo3/cms-formpage 1 of 1

CVE-2021-21355HIGHCVSS 8.6EG 8.6✓ Fixed in 11.1.1
2021-03-23
vulnerable: v11.0.0, v11.1.0
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary …
CVE-2021-21357HIGHCVSS 8.3EG 8.3✓ Fixed in 11.1.1
2021-03-23
vulnerable: v11.0.0, v11.1.0
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1 due to improper input validation, attackers can by-pass restrictions of predefined options and submit arbitrary data …
CVE-2021-21358MEDIUMCVSS 5.4EG 5.4✓ Fixed in 11.1.1
2021-03-23
vulnerable: v11.0.0, v11.1.0
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid bac…
CVE-2024-55922MEDIUMCVSS 5.4EG 5.4✓ Fixed in 10.4.48
2025-01-14
vulnerable: v10.0.0 ... v10.4.9 (43 versions)
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forge…

Check whether typo3/cms-form is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for typo3/cms-form CVEs against the assets you own.

Start Free Scan →