CVE-2009-4159
Published Dec 2, 2009
Last updated 15 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (direct_mail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 3.5
- Impact score
- 2.9
- Exploitability score
- 6.8
- Vector string
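- AV:N/AC:M/Au:S/C:N/I:P/A:N (network attack vector, medium access complexity, single authentication required; no confidentiality impact, partial integrity impact, no availability impact)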
Weaknesses
- nvd@nist.gov
- CWE-79 (Improper Neutralization of Input During Web Page Generation, 'Cross-site Scripting')
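Configurations (Direct Mail extension versions up to and including 2.6.4 are marked vulnerable; TYPO3 is listed as the required platform and is not itself marked vulnerable)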
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41285CAD-7BEF-4654-826F-A88C9C7988A3", "versionEndIncluding": "2.6.4" }, { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B03A18CF-1422-4074-8CE0-F00957ACC5B3" }, { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "586E7D50-2989-42B5-B260-C74E8540058E" }, { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EC89EF6-5413-4ED9-A10D-F2A0A0334B50" }, { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F860B9E-2976-4688-9B35-4570BB20C608" }, { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A098F808-8E6A-4780-9A10-94E5F0F04F31" }, { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "400BF448-5A45-4AAF-8622-5B0D6FC00E85" }, { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0533D2C-B43D-4C90-8BD1-DA805FC427D1" }, { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD686FD0-8C55-434A-A36A-B8736AB54213" }, { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09BEB78C-81CF-4D4C-A7AF-CC78916DC4EE" }, { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEC92BBB-95F6-46FE-B80B-093F8F1190A8" }, { "criteria": "cpe:2.3:a:ivan_kartolo:direct_mail:2.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B596E00D-3993-4521-9241-68494C4E9B0F" } ], "operator": "OR" }, { "negate": false, "cpeMatch": [ { "criteria": 
"cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB" } ], "operator": "OR" } ], "operator": "AND" } ]