CVE-2009-0257

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/48137

https://exchange.xforce.ibmcloud.com/vulnerabilities/48136

https://exchange.xforce.ibmcloud.com/vulnerabilities/48135

https://exchange.xforce.ibmcloud.com/vulnerabilities/48133

http://www.securityfocus.com/bid/33376

http://www.debian.org/security/2009/dsa-1711

http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/

http://secunia.com/advisories/33679

http://secunia.com/advisories/33617

Details

Source: Mitre, NVD

Published: 2009-01-22

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium