[TYPO3-english] XSS vulnerability in weeaar_googlesitemap?
Michael Schams
typo3.lists at 2014.trash.schams.net
Thu Sep 4 14:15:36 CEST 2014
On 04/09/14 18:19, Olivier Dobberkau wrote:
>> I just got the note that weeaar_googlesitemap is supposed to be
>> vulnerable to cross-site scripting [1]. Unfortunately there are no
>> details if that vulnerability only affects backend or also frontend and
>> if it is exploitable through other means than the PAGE TLO configured in
>> TypoScript (eID maybe?).
>>
>> Can anyone share some more details to assess the risk of keeping that
>> extension running despite the known vulnerability?
>
> It's common sense to ask the issuer of the bulletin instead of a public
> forum. Please use security at typo3.org for such questions.
...but in general: (quote) "The extension author failed in providing a
security fix for the reported vulnerability in a decent amount of time.
Please uninstall and delete the extension folder from your installation."
I would consider following this advice :-) and/or look for alternatives
asap.
Cheers
Michael