CVE-2009-3629: XSS
First published: Mon Nov 02 2009(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/typo3/cms-backend | >=4.3alpha1<4.3beta2 | 4.3beta2 |
| composer/typo3/cms-backend | >=4.2.0<4.2.10 | 4.2.10 |
| composer/typo3/cms-backend | >=4.1.0<4.1.13 | 4.1.13 |
| composer/typo3/cms-backend | <=4.0.13 | |
| TYPO3 | <=4.0.13 | |
| TYPO3 | =4.0 | |
| TYPO3 | =4.0.1 | |
| TYPO3 | =4.0.2 | |
| TYPO3 | =4.0.3 | |
| TYPO3 | =4.0.4 | |
| TYPO3 | =4.0.5 | |
| TYPO3 | =4.0.6 | |
| TYPO3 | =4.0.7 | |
| TYPO3 | =4.0.8 | |
| TYPO3 | =4.0.9 | |
| TYPO3 | =4.0.10 | |
| TYPO3 | =4.0.11 | |
| TYPO3 | =4.0.12 | |
| TYPO3 | =4.1-beta | |
| TYPO3 | =4.1-rc1 | |
| TYPO3 | =4.1.0 | |
| TYPO3 | =4.1.0-beta1 | |
| TYPO3 | =4.1.0-rc1 | |
| TYPO3 | =4.1.1 | |
| TYPO3 | =4.1.2 | |
| TYPO3 | =4.1.3 | |
| TYPO3 | =4.1.4 | |
| TYPO3 | =4.1.5 | |
| TYPO3 | =4.1.6 | |
| TYPO3 | =4.1.7 | |
| TYPO3 | =4.1.8 | |
| TYPO3 | =4.1.9 | |
| TYPO3 | =4.1.10 | |
| TYPO3 | =4.1.11 | |
| TYPO3 | =4.1.12 | |
| TYPO3 | =4.2.0 | |
| TYPO3 | =4.2.1 | |
| TYPO3 | =4.2.2 | |
| TYPO3 | =4.2.3 | |
| TYPO3 | =4.2.4 | |
| TYPO3 | =4.2.5 | |
| TYPO3 | =4.2.6 | |
| TYPO3 | =4.2.7 | |
| TYPO3 | =4.2.8 | |
| TYPO3 | =4.2.9 | |
| TYPO3 | =4.3 | |
| TYPO3 | =4.3-alpha1 | |
| TYPO3 | =4.3-beta1 | |
| TYPO3 | =4.10 | |
| TYPO3 | =4.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/36801
- http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/
- http://secunia.com/advisories/37122
- http://www.vupen.com/english/advisories/2009/3009
- http://marc.info/?l=oss-security&m=125633199111438&w=2
- http://marc.info/?l=oss-security&m=125632856206736&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53918
- https://nvd.nist.gov/vuln/detail/CVE-2009-3629
- https://web.archive.org/web/20101223093042/http://www.securityfocus.com/bid/36801
- https://github.com/advisories/GHSA-g857-p997-wx7w (Advisory)
Frequently Asked Questions
What is the severity of CVE-2009-3629?
CVE-2009-3629 has been classified as a vulnerability that allows cross-site scripting (XSS), which can lead to unauthorized access or manipulation of web content.
How do I fix CVE-2009-3629?
To fix CVE-2009-3629, upgrade to TYPO3 versions 4.1.13, 4.2.10, or 4.3beta2 or later.
What systems are affected by CVE-2009-3629?
CVE-2009-3629 affects TYPO3 versions 4.0.13 and earlier, as well as specific 4.1.x, 4.2.x, and 4.3.x versions before the listed remedies.
Can CVE-2009-3629 be exploited remotely?
Yes, CVE-2009-3629 can be exploited remotely by authenticated users to inject arbitrary HTML or scripts.
Who is impacted by CVE-2009-3629?
Any remote authenticated users of TYPO3 versions vulnerable to CVE-2009-3629 may be able to exploit this vulnerability.
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-g857-p997-wx7w
- alias/CVE-2009-3629
- agent/software-canonical-lookup
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-cve
- source/NVD
- package-manager/composer
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/4.0.13
- version/typo3 typo3/4.0
- version/typo3 typo3/4.0.1
- version/typo3 typo3/4.0.2
- version/typo3 typo3/4.0.3
- version/typo3 typo3/4.0.4
- version/typo3 typo3/4.0.5
- version/typo3 typo3/4.0.6
- version/typo3 typo3/4.0.7
- version/typo3 typo3/4.0.8
- version/typo3 typo3/4.0.9
- version/typo3 typo3/4.0.10
- version/typo3 typo3/4.0.11
- version/typo3 typo3/4.0.12
- version/typo3 typo3/4.1-beta
- version/typo3 typo3/4.1-rc1
- version/typo3 typo3/4.1.0
- version/typo3 typo3/4.1.0-beta1
- version/typo3 typo3/4.1.0-rc1
- version/typo3 typo3/4.1.1
- version/typo3 typo3/4.1.2
- version/typo3 typo3/4.1.3
- version/typo3 typo3/4.1.4
- version/typo3 typo3/4.1.5
- version/typo3 typo3/4.1.6
- version/typo3 typo3/4.1.7
- version/typo3 typo3/4.1.8
- version/typo3 typo3/4.1.9
- version/typo3 typo3/4.1.10
- version/typo3 typo3/4.1.11
- version/typo3 typo3/4.1.12
- version/typo3 typo3/4.2.0
- version/typo3 typo3/4.2.1
- version/typo3 typo3/4.2.2
- version/typo3 typo3/4.2.3
- version/typo3 typo3/4.2.4
- version/typo3 typo3/4.2.5
- version/typo3 typo3/4.2.6
- version/typo3 typo3/4.2.7
- version/typo3 typo3/4.2.8
- version/typo3 typo3/4.2.9
- version/typo3 typo3/4.3
- version/typo3 typo3/4.3-alpha1
- version/typo3 typo3/4.3-beta1
- version/typo3 typo3/4.10
- version/typo3 typo3/4.11