CVE-2009-3633: Cross-Site Request Forgery in Cms-core

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.4% (top 40.36%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Nov 2
Latest update: May 2

Description

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (2 packages)

Packagist | typo3/cms-core | 4.1.0 | 4.1.13 | +3
NVD | typo3/typo3 | 4.0.12 | +55

Patches

Vulnerability Details (3)

OSV: TYPO3 API function vulnerable to Cross-site Scripting (2022-05-02)
GHSA: TYPO3 API function vulnerable to Cross-site Scripting (2022-05-02)
CVEList: CVE-2009-3633: Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4 (2009-11-02)