Low severityNVD Advisory· Published Jul 28, 2010· Updated Jun 16, 2026
CVE-2009-4963
CVE-2009-4963
Description
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
commerceteam/commercePackagist | >= 0.9.6, < 0.9.9 | 0.9.9 |
Affected products
8cpe:2.3:a:typo3:commerce_extension:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:typo3:commerce_extension:*:*:*:*:*:*:*:*range: <=0.9.8
- cpe:2.3:a:typo3:commerce_extension:0.8.32:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:commerce_extension:0.8.35:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:commerce_extension:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:commerce_extension:0.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:commerce_extension:0.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:commerce_extension:0.9.7:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7- typo3.org/teams/security/security-bulletins/typo3-sa-2009-011/nvdPatchVendor Advisory
- www.vupen.com/english/advisories/2009/2409nvdPatchVendor Advisory
- github.com/advisories/GHSA-rmc9-5546-5rrfghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2009-4963ghsaADVISORY
- web.archive.org/web/20091124075813/http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-011ghsaWEB
- web.archive.org/web/20200228211059/http://www.securityfocus.com/bid/36133ghsaWEB
- www.securityfocus.com/bid/36133nvd
News mentions
0No linked articles in our index yet.