CVE-2009-3633

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.0.13 and earlier TYPO3 versions 4.1.x before 4.1.13 TYPO3 versions 4.2.x before 4.2.10 TYPO3 versions 4.3.x before 4.3beta2

Description A cross-site scripting (XSS) issue exists in the t3lib div::quoteJSvalue API function, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

Recommendations For TYPO3 versions 4.0.13 and earlier, update to a version later than 4.0.13. For TYPO3 versions 4.1.x before 4.1.13, update to version 4.1.13 or later. For TYPO3 versions 4.2.x before 4.2.10, update to version 4.2.10 or later. For TYPO3 versions 4.3.x before 4.3beta2, update to version 4.3beta2 or later. As a temporary workaround, consider restricting access to the t3lib div::quoteJSvalue API function until a patch is available.