Description

Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) content of indexed files to the (a) Indexed Search Engine (indexed_search) system extension; (b) unspecified test scripts in the ADOdb system extension; and (c) unspecified vectors in the Workspace module.

Remediation

References

CVE-2009-0257

Related Vulnerabilities

Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2017-1000353)

Apache Traffic Server Uncontrolled Resource Consumption Vulnerability (CVE-2018-8005)

Atlassian Confluence Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2020-4027)

Django Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-33571)

WordPress Plugin WP DSGVO Tools (GDPR) PHP Object Injection (2.0.4)

Severity

Medium

Classification

CVE-2009-0257 CWE-707

Tags

Missing Update Known Vulnerabilities