Moderate severity · NVD Advisory · Published Oct 28, 2009 · Updated Apr 23, 2026
CVE-2009-3821
Description
Cross-site scripting (XSS) vulnerability in the Apache Solr Search (solr) extension 1.0.0 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apache-solr-for-typo3/solr (Packagist) | < 1.0.1 | 1.0.1 |
Affected products: 1
Patches: 1
5192f489a13f: Fixed an XSS issue, thanks to Marcus Krause
3 files changed · +6 −2
ChangeLog+4 −0 modified@@ -1,3 +1,7 @@ +2009-09-16 Ingo Renner <ingo.renner@dkd.de> + + * Fixed an XSS issue + 2009-09-15 Ingo Renner <ingo.renner@dkd.de> * Initial Public Release of the community version \ No newline at end of file
pi_results/class.tx_solr_pi_results_formcommand.php+1 −1 modified@@ -50,7 +50,7 @@ public function execute() { $testSearchWord = t3lib_div::GParrayMerged('tx_solr'); if (trim($testSearchWord['q'])) { - $searchWord = trim($testSearchWord['q']); + $searchWord = t3lib_div::removeXSS(trim($testSearchWord['q'])); } $marker = array(
pi_results/class.tx_solr_pi_results_noresultscommand.php+1 −1 modified@@ -42,7 +42,7 @@ public function __construct(tslib_pibase $parentPlugin) { } public function execute() { - $searchWord = trim($this->parentPlugin->piVars['q']); + $searchWord = t3lib_div::removeXSS(trim($this->parentPlugin->piVars['q'])); $nothingFound = strtr( $this->parentPlugin->pi_getLL('no_results_nothing_found'),
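Review bot: In pi_results/class.tx_solr_pi_results_formcommand.php, `t3lib_div::removeXSS()` is applied where `q` is read rather than where `$searchWord` is written into `$marker`, so the fix relies on a pattern-based input filter instead of encoding for the output context. Suggest keeping the `trim()`ed value unchanged and applying `htmlspecialchars()` at the point where it enters the marker array, which also avoids altering legitimate search terms that the filter happens to match. In the visible lines `$searchWord` is only assigned inside the `if (trim($testSearchWord['q']))` branch; if it is not initialised above the hunk, give it an empty-string default.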
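Review bot: In pi_results/class.tx_solr_pi_results_noresultscommand.php, `execute()` reads `piVars['q']` and filters it separately from the form command, which fetches the same parameter through `t3lib_div::GParrayMerged('tx_solr')`; two independent read-and-filter sites make it easy for a later command to miss the call. Suggest a single shared accessor that returns the query term, and encode the value with `htmlspecialchars()` where it is substituted into the `no_results_nothing_found` label via `strtr()`.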
References: 5
- typo3.org/teams/security/security-bulletins/typo3-sa-2009-014/ (nvd: Patch, Vendor Advisory)
- github.com/advisories/GHSA-2q2r-xgj5-h3hm (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2009-3821 (ghsa: ADVISORY)
- typo3.org/teams/security/security-bulletins/typo3-sa-2009-014 (ghsa: WEB)
- github.com/TYPO3-Solr/ext-solr/commit/5192f489a13ff9417d7b57c63420187789beea5b (ghsa: WEB)