[TYPO3-english] XSS vulnerability in weeaar_googlesitemap?

[Daniel Neugebauer]

Hi!

I just got the note that weeaar_googlesitemap is supposed to be 
vulnerable to cross-site scripting [1]. Unfortunately there are no 
details if that vulnerability only affects backend or also frontend and 
if it is exploitable through other means than the PAGE TLO configured in 
TypoScript (eID maybe?).

Can anyone share some more details to assess the risk of keeping that 
extension running despite the known vulnerability?

Thanks,
Daniel

[1] 
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010/