fkie_nvd - fkie_cve-2010-0326

fkie_cve-2010-0326

Vulnerability from fkie_nvd

Published

2010-01-15 19:30

Modified

2025-04-09 00:30

Severity ?

Summary

Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/38164	Vendor Advisory
cve@mitre.org	http://typo3.org/extensions/repository/view/devlog/2.9.2/	Patch
cve@mitre.org	http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38164	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://typo3.org/extensions/repository/view/devlog/2.9.2/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
francois_suter	devlog	*
francois_suter	devlog	2.0.0
francois_suter	devlog	2.1.0
francois_suter	devlog	2.2.0
francois_suter	devlog	2.3.0
francois_suter	devlog	2.3.1
francois_suter	devlog	2.3.2
francois_suter	devlog	2.3.3
francois_suter	devlog	2.4.0
francois_suter	devlog	2.5.0
francois_suter	devlog	2.6.0
francois_suter	devlog	2.7.0
francois_suter	devlog	2.8.0
francois_suter	devlog	2.9.0
rene_fritz	devlog	1.1.0
typo3	typo3	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E8D4F3-BCF0-4313-AF93-20E76E6BBA04",
              "versionEndIncluding": "2.9.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E72DDE83-0ED6-4A56-BF9A-28A872349FD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BA62F96-CC41-4A05-855F-359821EC90C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11791D7C-F737-4EFC-9002-B1286E286D5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "127CBC3F-C22B-4763-A7E3-591FA3817C79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88656B43-B567-4950-8F59-0BE3B4E3837C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F53630A-3358-476F-AB79-8B28361CF2EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D95E74F0-2B72-486C-A857-54F31ED807CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB71575D-881B-4F5D-AF95-04C70F8A2D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0C11BC-28AD-4C7E-B6B2-CA1F5A6D608F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B7F1904-262F-4D1C-9559-4E26DBACE04B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "193F798D-8C54-4539-BC63-11FB753D8556",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D756CF70-F5F5-4D00-B9FD-E77BBF2A5E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:francois_suter:devlog:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E227EF68-D078-4F77-AAEA-7ADDDEFBBFFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:rene_fritz:devlog:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80A3D33A-A63F-45E6-BE01-EDEAEC7084C0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Developer log (devlog) extension 2.9.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la extensi\u00f3n de TYPO3 de registro de Desarrollo (devlog) v2.9.1 y anteriores permite a atacantes remotos inyectar HTML o scripts web a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2010-0326",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-01-15T19:30:00.597",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38164"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://typo3.org/extensions/repository/view/devlog/2.9.2/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/38164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://typo3.org/extensions/repository/view/devlog/2.9.2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-0326 (GCVE-0-2010-0326)

Vulnerability from cvelistv5

Published

2010-01-15 19:00