CVE-2009-4948

Joachim Ruhs Locator < 1.2.6 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References (3)

[Vendor Advisory] http://secunia.com/advisories/34573

[Patch] http://typo3.org/extensions/repository/view/locator/1.2.8/

[Vendor Advisory] http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/

Scores

EPSS 0.0032

EPSS Percentile 54.9%

Classification

CWE

CWE-79

Status published

Affected Products (6)

joachim_ruhs/locator < 1.2.6

joachim_ruhs/locator

n/a/n/a

Timeline

Published Jul 22, 2010

Tracked Since Feb 18, 2026