PT-2009-5906 · Typo3 · Typo3
Christian Weiske
·
Published
2009-11-02
·
Updated
2022-05-02
·
CVE-2009-3633
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 4.0.13 and earlier
TYPO3 versions 4.1.x before 4.1.13
TYPO3 versions 4.2.x before 4.2.10
TYPO3 versions 4.3.x before 4.3beta2
Description
A cross-site scripting (XSS) issue exists in the
t3lib div::quoteJSvalue API function, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.Recommendations
For TYPO3 versions 4.0.13 and earlier, update to a version later than 4.0.13.
For TYPO3 versions 4.1.x before 4.1.13, update to version 4.1.13 or later.
For TYPO3 versions 4.2.x before 4.2.10, update to version 4.2.10 or later.
For TYPO3 versions 4.3.x before 4.3beta2, update to version 4.3beta2 or later.
As a temporary workaround, consider restricting access to the
t3lib div::quoteJSvalue API function until a patch is available.Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Typo3