Cross-Site Scripting Vulnerability in Commerce Extension for TYPO3
CVE-2009-4963

Currently unrated

Key Information:

Vendor: Typo3
Status: Commerce Extension
Vendor: CVE Published:; 28 July 2010

What is CVE-2009-4963?

A Cross-Site Scripting (XSS) vulnerability exists in the Commerce extension for TYPO3 prior to version 0.9.9. This flaw allows remote authenticated users to exploit the application and inject arbitrary web scripts or HTML into the interface. Such vulnerabilities can lead to unauthorized data exposure and could compromise the security of user sessions, making it crucial for administrators to update their TYPO3 installations and apply necessary patches to mitigate the risk.

References

http://www.vupen.com/english/advisories/2009/2409

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/36133

vdb-entryx_refsource_BID

http://typo3.org/teams/security/security-bulletins/typo3-...

x_refsource_CONFIRM

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jul 28, 2010

Typo3

What is CVE-2009-4963?

References

Timeline