CVE-2009-4159

Name of the Vulnerable Software and Affected Versions TYPO3 Direct Mail (direct mail) extension versions 2.6.4 and earlier

Description A cross-site scripting (XSS) issue exists in the newsletter configuration feature of the backend module. This allows remote authenticated users to inject arbitrary web script or HTML.

Recommendations For versions 2.6.4 and earlier, update to a version later than 2.6.4 to resolve the issue.