Lucene search

[email protected]CVE-2009-0816

HistoryMar 05, 2009 - 2:30 a.m.

CVE-2009-0816

2009-03-0502:30:00

CWE-79

[email protected]

web.nvd.nist.gov

typo3

xss

remote attackers

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the backend user interface in TYPO3 3.3.x through 3.8.x, 4.0 before 4.0.12, 4.1 before 4.1.10, 4.2 before 4.2.6, and 4.3alpha1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields.

Affected configurations

NVD

Node

typo3typo3Match4.0

typo3typo3Match4.0.1

typo3typo3Match4.0.2

typo3typo3Match4.0.3

typo3typo3Match4.0.4

typo3typo3Match4.0.5

typo3typo3Match4.0.6

typo3typo3Match4.0.7

typo3typo3Match4.0.8

typo3typo3Match4.0.9

typo3typo3Match4.0.10

typo3typo3Match4.0.11

typo3typo3Match4.1

typo3typo3Match4.1.1

typo3typo3Match4.1.2

typo3typo3Match4.1.3

typo3typo3Match4.1.4

typo3typo3Match4.1.5

typo3typo3Match4.1.6

typo3typo3Match4.1.7

typo3typo3Match4.1.8

typo3typo3Match4.1.9

typo3typo3Match4.2

typo3typo3Match4.2.1

typo3typo3Match4.2.2

typo3typo3Match4.2.3

typo3typo3Match4.2.4

typo3typo3Match4.2.5

CPENameOperatorVersion
typo3:typo3typo3eq4.0
typo3:typo3typo3eq4.0.1
typo3:typo3typo3eq4.0.2
typo3:typo3typo3eq4.0.3
typo3:typo3typo3eq4.0.4
typo3:typo3typo3eq4.0.5
typo3:typo3typo3eq4.0.6
typo3:typo3typo3eq4.0.7
typo3:typo3typo3eq4.0.8
typo3:typo3typo3eq4.0.9

CPE	Name	Operator	Version
typo3:typo3	typo3	eq	4.0
typo3:typo3	typo3	eq	4.0.1
typo3:typo3	typo3	eq	4.0.2
typo3:typo3	typo3	eq	4.0.3
typo3:typo3	typo3	eq	4.0.4
typo3:typo3	typo3	eq	4.0.5
typo3:typo3	typo3	eq	4.0.6
typo3:typo3	typo3	eq	4.0.7
typo3:typo3	typo3	eq	4.0.8
typo3:typo3	typo3	eq	4.0.9