CVE-2009-4963

Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Published Bycve@mitre.org

Published DateJul 28, 2010, 14:43

Affected Versions(1)

commerceteam/commerce(Packagist)

Introduced0.9.6

Fixed0.9.9

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
commerceteam/commerce(Packagist)	0.9.6	0.9.9	N/A

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

3.5

Vector String

AV:N/AC:M/Au:S/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE

References

http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/
http://www.securityfocus.com/bid/36133
http://www.vupen.com/english/advisories/2009/2409

Weakness Type (CWE):CWE-79

CVSS Metrics

Base Score

3.5

Vector String

AV:N/AC:M/Au:S/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE