
CVE-2009-3629: TYPO3 Backend vulnerable to Cross-site Scripting

CVSS Score: 3.5

Basic Information

EPSS Score: 0.51823%
Published: 5/2/2022
Updated: 2/8/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| typo3/cms-backend | composer | <= 4.0.13 | |
| typo3/cms-backend | composer | >= 4.1.0, < 4.1.13 | 4.1.13 |
| typo3/cms-backend | composer | >= 4.2.0, < 4.2.10 | 4.2.10 |
| typo3/cms-backend | composer | >= 4.3alpha1, < 4.3beta2 | 4.3beta2 |

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The provided vulnerability information (CVE-2009-3629) describes backend XSS vulnerabilities via unspecified vectors. While the TYPO3 security bulletin and related discussions mention multiple XSS issues, they do not explicitly identify specific vulnerable functions in the backend component. The only explicitly named function, t3lib_div::quoteJSvalue, is associated with a separate CVE, CVE-2009-3633. Without access to patch details, commit diffs, or more specific technical documentation, we cannot confidently map the vulnerability to specific functions in the TYPO3 backend codebase. The "unspecified vectors" description in the CVE indicates that the exact vulnerable functions were not disclosed publicly.


WAF Protection Rules

WAF Rule

Multiple cross-site scripting (XSS) vulnerabilities in the backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allow remote authenticated users to inject arbitrary web script or HTML v
