Packagist (Composer) package
typo3/cms-dashboard
pkg:composer/typo3/cms-dashboard
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-59017 | — | | | >= 10.0.0, < 12.4.37 | 12.4.37 | Sep 9, 2025 | Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules. |
| CVE-2024-55920 | — | | | >= 10.0.0, < 10.4.48 | 10.4.48 | Jan 14, 2025 | TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing a |