Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2009-0257
Last Modified 29 Jan 2009 02:01:10
Published 22 Jan 2009 06:30:04
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-0257

Summary

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.

Vulnerable Systems

Application

  • Typo3 4.0

  • Typo3 4.0.1

  • Typo3 4.0.2

  • Typo3 4.0.3

  • Typo3 4.0.4

  • Typo3 4.0.5

  • Typo3 4.0.6

  • Typo3 4.0.7

  • Typo3 4.0.8

  • Typo3 4.0.9

  • Typo3 4.1.0

  • Typo3 4.1.1

  • Typo3 4.1.2

  • Typo3 4.1.3

  • Typo3 4.1.4

  • Typo3 4.1.5

  • Typo3 4.1.6

  • Typo3 4.1.7

  • Typo3 4.2.0

  • Typo3 4.2.1

  • Typo3 4.2.2

  • Typo3 4.2.3


References

XF - typo3-adodb-xss(48137)

XF - typo3-workspace-xss(48136)

XF - typo3-indexedsearchengine-xss(48135)

XF - typo3-library-session-hijacking(48133)

BID - 33376

DEBIAN - DSA-1711

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/

SECUNIA - 33679

SECUNIA - 33617


Last Updated: 27 May 2016 10:50:10