CVE-2009-0257
TYPO3 4.0.0-4.0.9, 4.1.0-4.1.7, 4.2.0-4.2.3 - Cross-Site Scripting
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.
References (9)
Core 9
Core References
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33617
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48135
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2009/dsa-1711
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48136
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48137
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33376
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48133
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33679
Scores
EPSS
0.0070
EPSS Percentile
72.3%
Details
CWE
CWE-79
Status
published
Products (22)
typo3/typo3
4.0
typo3/typo3
4.0.1
typo3/typo3
4.0.2
typo3/typo3
4.0.3
typo3/typo3
4.0.4
typo3/typo3
4.0.5
typo3/typo3
4.0.6
typo3/typo3
4.0.7
typo3/typo3
4.0.8
typo3/typo3
4.0.9
... and 12 more
Published
Jan 22, 2009
Tracked Since
Feb 18, 2026