VYPR
Moderate severityNVD Advisory· Published Nov 2, 2009· Updated Jun 16, 2026

CVE-2009-3633

CVE-2009-3633

Description

Cross-site scripting (XSS) vulnerability in the t3lib_div::quoteJSvalue API function in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the sanitizing algorithm.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
typo3/cms-corePackagist
<= 4.0.13
typo3/cms-corePackagist
>= 4.1.0, < 4.1.134.1.13
typo3/cms-corePackagist
>= 4.2.0, < 4.2.104.2.10
typo3/cms-corePackagist
>= 4.3alpha1, < 4.3beta24.3beta2

Affected products

60
  • TYPO3/Typo359 versions
    cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*+ 58 more
    • cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*range: <=4.0.12
    • cpe:2.3:a:typo3:typo3:0.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:1.0.14:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:1.1.09:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:1.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:3.3.x:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:3.5.x:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:3.6.x:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:3.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:3.7.x:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:3.8.x:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.10:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.11:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.0.9:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.0:beta1:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.6:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.7:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.1.9:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:typo3:4.3:alpha1:*:*:*:*:*:*
  • ghsa-coords
    Range: <= 4.0.13

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.