[TYPO3-UG Russia] Fwd: [TYPO3-announce] Security Bulletin TYPO3-20061010-1: fe_adminLib.inc
Michael Shigorin
mike at osdn.org.ua
Tue Oct 10 16:31:51 CEST 2006
----- Forwarded message from Michael Hirdes <dodger/typo3.org> -----
Date: Tue, 10 Oct 2006 15:43:07 +0200
From: Michael Hirdes <dodger/typo3.org>
To: typo3-announce/lists.netfielders.de
Subject: [TYPO3-announce] Security Bulletin TYPO3-20061010-1: fe_adminLib.inc
Dear users of TYPO3,
A Cross-Site-Scripting (XSS) problem has been discovered in fe_adminLib.inc
The "backURL" parameter is not escaped correctly. A prepared URL could
potentially contain some unwanted JavaScript code.
A patched Version has been released under [1]
The upcoming release 4.0.3 of TYPO3 will contain this patch.
Please see [1] for instruction how to patch your installations.
Also the TYPO33 Security Cookbook has been released under [2] please have a
look at this.
on behalf of the Security Team,
Michael Hirdes
[1] http://typo3.org/teams/security/security-bulletins/typo3-20061010-1/
[2] http://typo3.org/teams/security/
--
TYPO3 Security Team
http://typo3.org/teams/security
_______________________________________________
TYPO3-announce mailing list
TYPO3-announce/lists.netfielders.de
http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce
----- End forwarded message -----
--
---- WBR, Michael Shigorin <mike at altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/
More information about the TYPO3-russia
mailing list