TYPO3 is an enterprise content management system. Starting in version 9.0.0 and prior to versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1, the form manager backend module is vulnerable to cross-site scripting. Exploiting this vulnerability requires a valid backend user account with access to the form module. TYPO3 versions 9.5.48 ELTS, 10.4.45 ELTS, 11.5.37 LTS, 12.4.15 LTS, and 13.1.1 fix the problem described.
History

Wed, 03 Sep 2025 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T02:51:11.450Z

Reserved: 2024-05-02T06:36:32.438Z

Link: CVE-2024-34356

cve-icon Vulnrichment

Updated: 2024-08-02T02:51:11.450Z

cve-icon NVD

Status : Analyzed

Published: 2024-05-14T16:17:24.750

Modified: 2025-09-03T17:34:28.887

Link: CVE-2024-34356

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-07-12T22:45:17Z