CVE-2009-4963

TYPO3 Commerce Extension < 0.9.9 - Authenticated Cross-Site Scripting

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References (3)

Core 3
Core References
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2409
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36133

Scores

EPSS 0.0021
EPSS Percentile 43.1%

Details

CWE
CWE-79
Status published
Products (8)
commerceteam/commerce 0.9.6 - 0.9.9Packagist
typo3/commerce_extension 0.8.32
typo3/commerce_extension 0.8.35
typo3/commerce_extension 0.9.0
typo3/commerce_extension 0.9.5
typo3/commerce_extension 0.9.6
typo3/commerce_extension 0.9.7
typo3/commerce_extension < 0.9.8
Published Jul 28, 2010
Tracked Since Feb 18, 2026