Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2009-3633

Опубликовано: 02 нояб. 2009
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
Версия до 4.0.12 (включая)
cpe:2.3:a:typo3:typo3:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:1.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:1.1.09:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:1.1.10:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:3.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:3.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*

EPSS

Процентиль: 59%
0.00382
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

ubuntu логотип

CVE-2009-3633

ubuntu
около 16 лет назад

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

debian логотип

CVE-2009-3633

debian
около 16 лет назад

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalu ...

github логотип

GHSA-m7rg-85g8-28m9

github
больше 3 лет назад

TYPO3 API function vulnerable to Cross-site Scripting

EPSS

Процентиль: 59%
0.00382
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-352