PT-2009-6327 · Typo3 · Typo3 Direct Mail

Georg Ringer

Published

2009-12-02

Updated

2022-05-02

CVE-2009-4159

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions TYPO3 Direct Mail (direct mail) extension versions 2.6.4 and earlier

Description A cross-site scripting (XSS) issue exists in the newsletter configuration feature of the backend module. This allows remote authenticated users to inject arbitrary web script or HTML.

Recommendations For versions 2.6.4 and earlier, update to a version later than 2.6.4 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2009-4159

GHSA-7X6F-JVMG-6FGP

Affected Products

Typo3 Direct Mail

PT-2009-6327 · Typo3 · Typo3 Direct Mail

CVE-2009-4159

Weakness Enumeration

Related Identifiers

Affected Products

References · 9