VYPR
Low severityNVD Advisory· Published Jul 28, 2010· Updated Jun 16, 2026

CVE-2009-4963

CVE-2009-4963

Description

Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
commerceteam/commercePackagist
>= 0.9.6, < 0.9.90.9.9

Affected products

8
  • cpe:2.3:a:typo3:commerce_extension:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:typo3:commerce_extension:*:*:*:*:*:*:*:*range: <=0.9.8
    • cpe:2.3:a:typo3:commerce_extension:0.8.32:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:commerce_extension:0.8.35:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:commerce_extension:0.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:commerce_extension:0.9.5:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:commerce_extension:0.9.6:*:*:*:*:*:*:*
    • cpe:2.3:a:typo3:commerce_extension:0.9.7:*:*:*:*:*:*:*
  • ghsa-coords
    Range: >= 0.9.6, < 0.9.9

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.