4.3
CVE-2009-3633
- EPSS 0.95%
- Veröffentlicht 02.11.2009 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:12:03
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.95% | 0.566 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:P/A:N
|
CWE-352 Cross-Site Request Forgery (CSRF)
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
http://marc.info/?l=oss-security&m=125632856206736&w=2
http://secunia.com/advisories/37122
http://www.securityfocus.com/bid/36801
http://www.vupen.com/english/advisories/2009/3009
http://marc.info/?l=oss-security&m=125633199111438&w=2
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
https://exchange.xforce.ibmcloud.com/vulnerabilities/53925