CVE-2009-4804

Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 53%
VendorProductVersion
mario_matzullacalendar_base
𝑥
≤ 1.1.0
mario_matzullacalendar_base
0.9.0
mario_matzullacalendar_base
0.10.0
mario_matzullacalendar_base
0.11.0
mario_matzullacalendar_base
0.12.0
mario_matzullacalendar_base
0.12.1
mario_matzullacalendar_base
0.13.0
mario_matzullacalendar_base
0.13.1
mario_matzullacalendar_base
0.14.0
mario_matzullacalendar_base
0.14.1
mario_matzullacalendar_base
0.15.0
mario_matzullacalendar_base
0.15.1
mario_matzullacalendar_base
0.15.2
mario_matzullacalendar_base
0.15.3
mario_matzullacalendar_base
0.15.4
mario_matzullacalendar_base
0.15.5
mario_matzullacalendar_base
0.16.0
mario_matzullacalendar_base
0.16.1
mario_matzullacalendar_base
0.16.2
mario_matzullacalendar_base
0.16.3
mario_matzullacalendar_base
0.16.4
mario_matzullacalendar_base
0.16.5
mario_matzullacalendar_base
0.16.6
mario_matzullacalendar_base
0.17.0
mario_matzullacalendar_base
0.17.1
mario_matzullacalendar_base
0.17.2
mario_matzullacalendar_base
0.17.3
mario_matzullacalendar_base
1.0.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/34155
http://typo3.org/extensions/repository/view/cal/1.1.1/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/
http://www.securityfocus.com/bid/33996
http://secunia.com/advisories/34155
http://typo3.org/extensions/repository/view/cal/1.1.1/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-003/
http://www.securityfocus.com/bid/33996