GHSA-m7rg-85g8-28m9

Source

https://github.com/advisories/GHSA-m7rg-85g8-28m9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m7rg-85g8-28m9/GHSA-m7rg-85g8-28m9.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-m7rg-85g8-28m9

Aliases

CVE-2009-3633

Published

2022-05-02T03:47:10Z

Modified

2024-02-08T22:12:11.245986Z

Summary

TYPO3 API function vulnerable to Cross-site Scripting

Details

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

Database specific

{
    "nvd_published_at": "2009-11-02T15:30:00Z",
    "cwe_ids": [
        "CWE-352"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-02-08T21:57:47Z"
}

References

Affected packages

Packagist / typo3/cms-core

Package

Name: typo3/cms-core
Purl: pkg:composer/typo3/cms-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

4.0.13

Packagist / typo3/cms-core

Package

Name: typo3/cms-core
Purl: pkg:composer/typo3/cms-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.13

Packagist / typo3/cms-core

Package

Name: typo3/cms-core
Purl: pkg:composer/typo3/cms-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0

Fixed

4.2.10

Packagist / typo3/cms-core

Package

Name: typo3/cms-core
Purl: pkg:composer/typo3/cms-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.3alpha1

Fixed

4.3beta2