CVE-2009-0816: Cross-site Scripting in Typo3 CMS

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 47.98%)
CISA KEV: Not in KEV
Exploit: No known exploits
Published: Mar 5
Latest update: May 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

Packagist: typo3/cms 4.0 4.0.12 +3
NVD: typo3/typo3 28 versions +27

🔴 Vulnerability Details (3)

GHSA: Typo3 Backend XSS Vulnerability (2022-05-02)
OSV: Typo3 Backend XSS Vulnerability (2022-05-02)
CVEList: CVE-2009-0816: Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3 (2009-03-05)

💥 Exploits & PoCs (1)

Exploit-DB: Microsoft Windows Outlook Express and Windows Mail - Integer Overflow (2010-05-11)

💬 Community (1)

Bugzilla: CVE-2009-0065 kernel: sctp: memory overflow when FWD-TSN chunk is received with bad stream ID [F9] (2009-01-20)