cvelistv5 - cve-2009-0257

CVE-2009-0257 (GCVE-0-2009-0257)

Vulnerability from cvelistv5 – Published: 2009-01-22 23:00 – Updated: 2024-08-07 04:24

Summary

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://typo3.org/teams/security/security-bulletin…	x_refsource_CONFIRM
	http://secunia.com/advisories/33617	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.debian.org/security/2009/dsa-1711	vendor-advisoryx_refsource_DEBIAN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.securityfocus.com/bid/33376	vdb-entryx_refsource_BID
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/33679	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.512Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
          },
          {
            "name": "33617",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33617"
          },
          {
            "name": "typo3-indexedsearchengine-xss(48135)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
          },
          {
            "name": "DSA-1711",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1711"
          },
          {
            "name": "typo3-workspace-xss(48136)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
          },
          {
            "name": "typo3-adodb-xss(48137)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
          },
          {
            "name": "33376",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33376"
          },
          {
            "name": "typo3-library-session-hijacking(48133)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
          },
          {
            "name": "33679",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33679"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
        },
        {
          "name": "33617",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33617"
        },
        {
          "name": "typo3-indexedsearchengine-xss(48135)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
        },
        {
          "name": "DSA-1711",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1711"
        },
        {
          "name": "typo3-workspace-xss(48136)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
        },
        {
          "name": "typo3-adodb-xss(48137)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
        },
        {
          "name": "33376",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33376"
        },
        {
          "name": "typo3-library-session-hijacking(48133)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
        },
        {
          "name": "33679",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33679"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0257",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/",
              "refsource": "CONFIRM",
              "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
            },
            {
              "name": "33617",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33617"
            },
            {
              "name": "typo3-indexedsearchengine-xss(48135)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
            },
            {
              "name": "DSA-1711",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1711"
            },
            {
              "name": "typo3-workspace-xss(48136)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
            },
            {
              "name": "typo3-adodb-xss(48137)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
            },
            {
              "name": "33376",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33376"
            },
            {
              "name": "typo3-library-session-hijacking(48133)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
            },
            {
              "name": "33679",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33679"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0257",
    "datePublished": "2009-01-22T23:00:00",
    "dateReserved": "2009-01-22T00:00:00",
    "dateUpdated": "2024-08-07T04:24:18.512Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25EAE65C-1E17-48CD-B48C-E0BC09FB6596\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"501A9157-044A-4856-8092-418D7329EED3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4EA47174-9BC4-4B74-8618-6A7B0773553B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A13146E-EC04-4354-9123-BC7CB292C66A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8F27B173-8D10-47F7-8450-F8808A918295\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D1FAD0A-6B98-476B-BCD2-361996CA1C36\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AE992D57-AF82-4BF0-96E8-98110C0AEBF3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7A9A484F-C34D-4885-8125-D9C8725EEB4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DCCB2DE6-4407-4E40-8574-9C813183565B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E19647A4-C422-42D0-863B-5B6E0B08BFAA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"273F2E33-0655-46DE-9397-E16658B4BD8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"3B8F7039-4117-4D53-ABE8-99C10518D351\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"161E310F-F2D8-40B3-8390-8C52ACDD0B72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96D69530-AE74-4012-B522-01D0B6B01662\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5514D17F-95A5-48C5-9F91-554F8D3C3DF7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E46E35EC-FF7B-4510-A5F2-FC230B7477B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A671ED2-91AA-4447-8996-A8A16FE753A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D93919E9-B3E8-483E-A701-D87570127207\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDDEAF6A-8A99-4872-98CC-12BD54515B07\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D8185B9-D244-43B3-9DF1-FF137A2108DD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en TYPO3 v4.0.0 a v4.0.9, v4.1.0 a 4.1.7 y v4.2.0 a v4.2.3, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\\u00f3n mediante el (1) nombre y (2) el contenido de ficheros indexados para (a) la extensi\\u00f3n del sistema Indexed Search Engine (indexed_search), (b) comandos de prueba no especificados en la extensi\\u00f3n del sistema ADOb y (c) vectores no especificados en el m\\u00f3dulo Workspace.\"}]",
      "id": "CVE-2009-0257",
      "lastModified": "2024-11-21T00:59:27.717",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2009-01-22T23:30:04.453",
      "references": "[{\"url\": \"http://secunia.com/advisories/33617\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33679\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2009/dsa-1711\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/33376\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48133\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48135\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48136\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48137\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/33617\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://secunia.com/advisories/33679\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2009/dsa-1711\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/33376\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48133\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48135\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48136\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/48137\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0257\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-01-22T23:30:04.453\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en TYPO3 v4.0.0 a v4.0.9, v4.1.0 a 4.1.7 y v4.2.0 a v4.2.3, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el (1) nombre y (2) el contenido de ficheros indexados para (a) la extensi\u00f3n del sistema Indexed Search Engine (indexed_search), (b) comandos de prueba no especificados en la extensi\u00f3n del sistema ADOb y (c) vectores no especificados en el m\u00f3dulo Workspace.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25EAE65C-1E17-48CD-B48C-E0BC09FB6596\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"501A9157-044A-4856-8092-418D7329EED3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4EA47174-9BC4-4B74-8618-6A7B0773553B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A13146E-EC04-4354-9123-BC7CB292C66A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8F27B173-8D10-47F7-8450-F8808A918295\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D1FAD0A-6B98-476B-BCD2-361996CA1C36\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AE992D57-AF82-4BF0-96E8-98110C0AEBF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A9A484F-C34D-4885-8125-D9C8725EEB4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCCB2DE6-4407-4E40-8574-9C813183565B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E19647A4-C422-42D0-863B-5B6E0B08BFAA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"273F2E33-0655-46DE-9397-E16658B4BD8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B8F7039-4117-4D53-ABE8-99C10518D351\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"161E310F-F2D8-40B3-8390-8C52ACDD0B72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96D69530-AE74-4012-B522-01D0B6B01662\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5514D17F-95A5-48C5-9F91-554F8D3C3DF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E46E35EC-FF7B-4510-A5F2-FC230B7477B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A671ED2-91AA-4447-8996-A8A16FE753A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D93919E9-B3E8-483E-A701-D87570127207\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDDEAF6A-8A99-4872-98CC-12BD54515B07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D8185B9-D244-43B3-9DF1-FF137A2108DD\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/33617\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33679\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1711\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/33376\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48133\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48135\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48136\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48137\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/33617\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/33679\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1711\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/33376\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/48137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GHSA-JXPX-9MQ9-JJWG

Vulnerability from github – Published: 2022-05-02 03:13 – Updated: 2025-04-09 04:03

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2009-0257"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2009-01-22T23:30:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.",
  "id": "GHSA-jxpx-9mq9-jjwg",
  "modified": "2025-04-09T04:03:19Z",
  "published": "2022-05-02T03:13:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-0257"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33617"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/33679"
    },
    {
      "type": "WEB",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2009/dsa-1711"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/33376"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTA-2009-AVI-024

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans TYPO3 permettent une exécution de commandes arbitraires à distance, diverses injections de code indirectes ou un contournement de la politique de sécurité.

Description

De multiples vulnérabilités ont été découvertes dans TYPO3 :

la clé de chiffrement utilisée par TYPO3 a une faible entropie ;
les jetons de session ne sont pas correctement invalidés et peuvent être rejoués ;
le moteur de recherche indexée ne filtre pas correctement les paramètres, ce qui permet une exécution de commandes arbitraires à distance. Par ailleurs, le nom et le contenu des fichiers à indexer ne sont pas non plus correctement filtrés, ce qui permet de réaliser des attaques de type cross-site scripting ;
des attaques de type cross-site scripting sont possibles via les composants ADOdb et Workspace.

Solution

Mettre à jour TYPO3 en version 4.0.10, 4.1.8 ou 4.2.4. L'application des mises à jour ne suffit pas à corriger toutes les vulnérabilités, il est également nécessaire de créer une nouvelle clé de chiffrement. Cette procédure est décrite dans le bulletin de sécurité de l'éditeur (voir section Documentation).

None

Impacted products

Vendor	Product	Description
Typo3	Typo3	TYPO3 versions 4.2.0 à 4.2.3.
Typo3	Typo3	TYPO3 versions 4.0.0 à 4.0.9 ;
Typo3	Typo3	TYPO3 versions 4.1.0 à 4.1.7 ;

References

Title

Publication Time

Tags

Bulletin de sécurité TYPO3-SA-2009-001	None	vendor-advisory
Référence CVE CVE-2009-0258 :	-	other
Référence CVE CVE-2009-0257 :	-	other
Référence CVE CVE-2009-0255 :	-	other
Référence CVE CVE-2009-0256 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.2.0 \u00e0 4.2.3.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.0.0 \u00e0 4.0.9 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.1.0 \u00e0 4.1.7 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   la cl\u00e9 de chiffrement utilis\u00e9e par TYPO3 a une faible entropie ;\n-   les jetons de session ne sont pas correctement invalid\u00e9s et peuvent\n    \u00eatre rejou\u00e9s ;\n-   le moteur de recherche index\u00e9e ne filtre pas correctement les\n    param\u00e8tres, ce qui permet une ex\u00e9cution de commandes arbitraires \u00e0\n    distance. Par ailleurs, le nom et le contenu des fichiers \u00e0 indexer\n    ne sont pas non plus correctement filtr\u00e9s, ce qui permet de r\u00e9aliser\n    des attaques de type cross-site scripting ;\n-   des attaques de type cross-site scripting sont possibles via les\n    composants ADOdb et Workspace.\n\n## Solution\n\nMettre \u00e0 jour TYPO3 en version 4.0.10, 4.1.8 ou 4.2.4. L\u0027application des\nmises \u00e0 jour ne suffit pas \u00e0 corriger toutes les vuln\u00e9rabilit\u00e9s, il est\n\u00e9galement n\u00e9cessaire de cr\u00e9er une nouvelle cl\u00e9 de chiffrement. Cette\nproc\u00e9dure est d\u00e9crite dans le bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (voir\nsection Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0257"
    },
    {
      "name": "CVE-2009-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0255"
    },
    {
      "name": "CVE-2009-0256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0256"
    },
    {
      "name": "CVE-2009-0258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0258"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0258 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-258"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0257 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-257"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0255 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-255"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0256 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-256"
    }
  ],
  "reference": "CERTA-2009-AVI-024",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injections de code indirectes"
    },
    {
      "description": "Ex\u00e9cution de commandes arbitraires \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e\npermettent une ex\u00e9cution de commandes arbitraires \u00e0 distance, diverses\ninjections de code indirectes ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-SA-2009-001",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
    }
  ]
}

CERTA-2009-AVI-024

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités dans TYPO3 permettent une exécution de commandes arbitraires à distance, diverses injections de code indirectes ou un contournement de la politique de sécurité.

Description

De multiples vulnérabilités ont été découvertes dans TYPO3 :

la clé de chiffrement utilisée par TYPO3 a une faible entropie ;
les jetons de session ne sont pas correctement invalidés et peuvent être rejoués ;
le moteur de recherche indexée ne filtre pas correctement les paramètres, ce qui permet une exécution de commandes arbitraires à distance. Par ailleurs, le nom et le contenu des fichiers à indexer ne sont pas non plus correctement filtrés, ce qui permet de réaliser des attaques de type cross-site scripting ;
des attaques de type cross-site scripting sont possibles via les composants ADOdb et Workspace.

Solution

None

Impacted products

Vendor	Product	Description
Typo3	Typo3	TYPO3 versions 4.2.0 à 4.2.3.
Typo3	Typo3	TYPO3 versions 4.0.0 à 4.0.9 ;
Typo3	Typo3	TYPO3 versions 4.1.0 à 4.1.7 ;

References

Title

Publication Time

Tags

Bulletin de sécurité TYPO3-SA-2009-001	None	vendor-advisory
Référence CVE CVE-2009-0258 :	-	other
Référence CVE CVE-2009-0257 :	-	other
Référence CVE CVE-2009-0255 :	-	other
Référence CVE CVE-2009-0256 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.2.0 \u00e0 4.2.3.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.0.0 \u00e0 4.0.9 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.1.0 \u00e0 4.1.7 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   la cl\u00e9 de chiffrement utilis\u00e9e par TYPO3 a une faible entropie ;\n-   les jetons de session ne sont pas correctement invalid\u00e9s et peuvent\n    \u00eatre rejou\u00e9s ;\n-   le moteur de recherche index\u00e9e ne filtre pas correctement les\n    param\u00e8tres, ce qui permet une ex\u00e9cution de commandes arbitraires \u00e0\n    distance. Par ailleurs, le nom et le contenu des fichiers \u00e0 indexer\n    ne sont pas non plus correctement filtr\u00e9s, ce qui permet de r\u00e9aliser\n    des attaques de type cross-site scripting ;\n-   des attaques de type cross-site scripting sont possibles via les\n    composants ADOdb et Workspace.\n\n## Solution\n\nMettre \u00e0 jour TYPO3 en version 4.0.10, 4.1.8 ou 4.2.4. L\u0027application des\nmises \u00e0 jour ne suffit pas \u00e0 corriger toutes les vuln\u00e9rabilit\u00e9s, il est\n\u00e9galement n\u00e9cessaire de cr\u00e9er une nouvelle cl\u00e9 de chiffrement. Cette\nproc\u00e9dure est d\u00e9crite dans le bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (voir\nsection Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0257"
    },
    {
      "name": "CVE-2009-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0255"
    },
    {
      "name": "CVE-2009-0256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0256"
    },
    {
      "name": "CVE-2009-0258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0258"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0258 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-258"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0257 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-257"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0255 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-255"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0256 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-256"
    }
  ],
  "reference": "CERTA-2009-AVI-024",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injections de code indirectes"
    },
    {
      "description": "Ex\u00e9cution de commandes arbitraires \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e\npermettent une ex\u00e9cution de commandes arbitraires \u00e0 distance, diverses\ninjections de code indirectes ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-SA-2009-001",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
    }
  ]
}

GSD-2009-0257

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2009-0257

Aliases

CVE-2009-0257

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2009-0257",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.",
    "id": "GSD-2009-0257",
    "references": [
      "https://www.debian.org/security/2009/dsa-1711"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2009-0257"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.",
      "id": "GSD-2009-0257",
      "modified": "2023-12-13T01:19:43.633517Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2009-0257",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/",
            "refsource": "CONFIRM",
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
          },
          {
            "name": "33617",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33617"
          },
          {
            "name": "typo3-indexedsearchengine-xss(48135)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
          },
          {
            "name": "DSA-1711",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2009/dsa-1711"
          },
          {
            "name": "typo3-workspace-xss(48136)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
          },
          {
            "name": "typo3-adodb-xss(48137)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
          },
          {
            "name": "33376",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/33376"
          },
          {
            "name": "typo3-library-session-hijacking(48133)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
          },
          {
            "name": "33679",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/33679"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0257"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
            },
            {
              "name": "33376",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/33376"
            },
            {
              "name": "33617",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/33617"
            },
            {
              "name": "33679",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/33679"
            },
            {
              "name": "DSA-1711",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2009/dsa-1711"
            },
            {
              "name": "typo3-adodb-xss(48137)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
            },
            {
              "name": "typo3-workspace-xss(48136)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
            },
            {
              "name": "typo3-indexedsearchengine-xss(48135)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
            },
            {
              "name": "typo3-library-session-hijacking(48133)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-08-08T01:33Z",
      "publishedDate": "2009-01-22T23:30Z"
    }
  }
}

FKIE_CVE-2009-0257

Vulnerability from fkie_nvd - Published: 2009-01-22 23:30 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/33617	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/33679
cve@mitre.org	http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2009/dsa-1711
cve@mitre.org	http://www.securityfocus.com/bid/33376
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48133
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48135
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48136
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/48137
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33617	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33679
af854a3a-2127-422b-91ae-364da2661108	http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2009/dsa-1711
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33376
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48133
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48135
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48136
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/48137

Impacted products

Vendor	Product	Version
typo3	typo3	4.0
typo3	typo3	4.0.1
typo3	typo3	4.0.2
typo3	typo3	4.0.3
typo3	typo3	4.0.4
typo3	typo3	4.0.5
typo3	typo3	4.0.6
typo3	typo3	4.0.7
typo3	typo3	4.0.8
typo3	typo3	4.0.9
typo3	typo3	4.1.0
typo3	typo3	4.1.0
typo3	typo3	4.1.0
typo3	typo3	4.1.1
typo3	typo3	4.1.2
typo3	typo3	4.1.3
typo3	typo3	4.1.4
typo3	typo3	4.1.5
typo3	typo3	4.1.6
typo3	typo3	4.1.7
typo3	typo3	4.2.0
typo3	typo3	4.2.1
typo3	typo3	4.2.2
typo3	typo3	4.2.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "25EAE65C-1E17-48CD-B48C-E0BC09FB6596",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "501A9157-044A-4856-8092-418D7329EED3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA47174-9BC4-4B74-8618-6A7B0773553B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A13146E-EC04-4354-9123-BC7CB292C66A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F27B173-8D10-47F7-8450-F8808A918295",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1FAD0A-6B98-476B-BCD2-361996CA1C36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE992D57-AF82-4BF0-96E8-98110C0AEBF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A9A484F-C34D-4885-8125-D9C8725EEB4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCCB2DE6-4407-4E40-8574-9C813183565B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "E19647A4-C422-42D0-863B-5B6E0B08BFAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC2F89D7-D34C-4ADD-8A9E-34C37122C3C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "273F2E33-0655-46DE-9397-E16658B4BD8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "3B8F7039-4117-4D53-ABE8-99C10518D351",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "161E310F-F2D8-40B3-8390-8C52ACDD0B72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B33D32-4D59-4768-A2C6-9DC7CD30F5E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4679B5DF-25FA-40E9-A322-DF1FF1BC7E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96D69530-AE74-4012-B522-01D0B6B01662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5514D17F-95A5-48C5-9F91-554F8D3C3DF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E46E35EC-FF7B-4510-A5F2-FC230B7477B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A671ED2-91AA-4447-8996-A8A16FE753A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93919E9-B3E8-483E-A701-D87570127207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6B1326B-CB9E-4B40-85BD-05AF52E6A1D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDEAF6A-8A99-4872-98CC-12BD54515B07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D8185B9-D244-43B3-9DF1-FF137A2108DD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en TYPO3 v4.0.0 a v4.0.9, v4.1.0 a 4.1.7 y v4.2.0 a v4.2.3, permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante el (1) nombre y (2) el contenido de ficheros indexados para (a) la extensi\u00f3n del sistema Indexed Search Engine (indexed_search), (b) comandos de prueba no especificados en la extensi\u00f3n del sistema ADOb y (c) vectores no especificados en el m\u00f3dulo Workspace."
    }
  ],
  "id": "CVE-2009-0257",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-01-22T23:30:04.453",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33617"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/33679"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2009/dsa-1711"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33376"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33617"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/33679"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2009/dsa-1711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48137"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2009-0257 (GCVE-0-2009-0257)

GHSA-JXPX-9MQ9-JJWG

CERTA-2009-AVI-024

Description

Solution

CERTA-2009-AVI-024

Description

Solution

GSD-2009-0257

FKIE_CVE-2009-0257

Tags

Sightings

Nomenclature