CVE-2009-0257: XSS
First published: Thu Jan 22 2009(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TYPO3 | =4.1.1 | |
| TYPO3 | =4.1.0-beta1 | |
| TYPO3 | =4.1.6 | |
| TYPO3 | =4.2.0 | |
| TYPO3 | =4.0.5 | |
| TYPO3 | =4.0.3 | |
| TYPO3 | =4.2.3 | |
| TYPO3 | =4.1.4 | |
| TYPO3 | =4.0.4 | |
| TYPO3 | =4.2.1 | |
| TYPO3 | =4.0.1 | |
| TYPO3 | =4.1.7 | |
| TYPO3 | =4.1.0 | |
| TYPO3 | =4.1.0-rc1 | |
| TYPO3 | =4.0.2 | |
| TYPO3 | =4.0.7 | |
| TYPO3 | =4.0 | |
| TYPO3 | =4.2.2 | |
| TYPO3 | =4.0.8 | |
| TYPO3 | =4.1.3 | |
| TYPO3 | =4.0.6 | |
| TYPO3 | =4.0.9 | |
| TYPO3 | =4.1.5 | |
| TYPO3 | =4.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
- http://www.securityfocus.com/bid/33376
- http://secunia.com/advisories/33617
- http://secunia.com/advisories/33679
- http://www.debian.org/security/2009/dsa-1711
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48137
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48136
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48135
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48133
Frequently Asked Questions
What is the severity of CVE-2009-0257?
CVE-2009-0257 is classified as having a high severity risk due to its potential to enable cross-site scripting attacks.
How do I fix CVE-2009-0257?
To fix CVE-2009-0257, upgrade TYPO3 to a version that is not affected by this vulnerability, specifically versions later than 4.2.3.
Which versions of TYPO3 are affected by CVE-2009-0257?
CVE-2009-0257 affects TYPO3 versions 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3.
What type of vulnerability is CVE-2009-0257?
CVE-2009-0257 is categorized as a cross-site scripting (XSS) vulnerability.
Can CVE-2009-0257 be exploited by remote attackers?
Yes, CVE-2009-0257 allows remote attackers to inject arbitrary web scripts or HTML.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/description
- agent/event
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/4.1.1
- version/typo3 typo3/4.1.0-beta1
- version/typo3 typo3/4.1.6
- version/typo3 typo3/4.2.0
- version/typo3 typo3/4.0.5
- version/typo3 typo3/4.0.3
- version/typo3 typo3/4.2.3
- version/typo3 typo3/4.1.4
- version/typo3 typo3/4.0.4
- version/typo3 typo3/4.2.1
- version/typo3 typo3/4.0.1
- version/typo3 typo3/4.1.7
- version/typo3 typo3/4.1.0
- version/typo3 typo3/4.1.0-rc1
- version/typo3 typo3/4.0.2
- version/typo3 typo3/4.0.7
- version/typo3 typo3/4.0
- version/typo3 typo3/4.2.2
- version/typo3 typo3/4.0.8
- version/typo3 typo3/4.1.3
- version/typo3 typo3/4.0.6
- version/typo3 typo3/4.0.9
- version/typo3 typo3/4.1.5
- version/typo3 typo3/4.1.2