CVE-2009-3633 – typo3/cms-core

Package

Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=0 <=4.0.13 || >=4.1.0 <4.1.13 || >=4.2.0 <4.2.10 || >=4.3alpha1 <4.3beta2

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

EPSS: 0.00382 pctl0.58819

Details

TYPO3 API function vulnerable to Cross-site Scripting Cross-site scripting (XSS) vulnerability in the `t3lib_div::quoteJSvalue` API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

Metadata

Created: 2022-05-02T03:47:10Z
Modified: 2024-02-08T21:57:47Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m7rg-85g8-28m9/GHSA-m7rg-85g8-28m9.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-m7rg-85g8-28m9
Finding: F007
Auto approve: 1