CVE-2009-0257

TYPO3 4.0.0-4.2.3 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.

References (9)

[Vendor Advisory] http://secunia.com/advisories/33617

[Vendor Advisory] http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48133

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48135

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48136

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/33376

[Third Party Advisory] http://www.debian.org/security/2009/dsa-1711

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48137

[Third Party Advisory] http://secunia.com/advisories/33679

Scores

EPSS 0.0070

EPSS Percentile 71.8%

Classification

CWE

CWE-79

Status published

Affected Products (25)

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

typo3/typo3

... and 10 more

Timeline

Published Jan 22, 2009

Tracked Since Feb 18, 2026