[TYPO3-UG Russia] Fwd: [TYPO3-announce] Cross Site Scripting vulnerabilities in TYPO3 core

Michael Shigorin mike at osdn.org.ua
Thu Nov 13 15:20:23 CET 2008


----- Forwarded message from Henning Pingel <henning/typo3.org> -----

Date: Thu, 13 Nov 2008 07:39:07 +0100
From: Henning Pingel <henning/typo3.org>
To: typo3-announce/lists.netfielders.de
Subject: [TYPO3-announce] Cross Site Scripting vulnerabilities in TYPO3 core

Dear users of TYPO3,

It has been discovered that TYPO3 core is susceptible to two Cross Site
Scripting (XSS) issues. The frontend plugin of system extension
"felogin" and the backend module "file" are vulnerable.

TYPO3 version 4.2.3 contains fixes for these issues. Please read the
entire security bulletins for more details:

Regarding the issue in backend module "file": TYPO3 Security Bulletin
TYPO3-20081113-1: Cross-Site Scripting vulnerability in TYPO3 Core

<http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/>

Regarding the issue in system extension "felogin": TYPO3 Security
Bulletin TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core

<http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/>

In general, the TYPO3 Security Team recommends reading the following pages:

The TYPO3 Security Cookbook:
<http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf>

Make sure you are subscribed to the TYPO3 Announce List:
<http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce>

You can find all TYPO3 security bulletins at:
<http://typo3.org/teams/security/security-bulletins/>

Regards,

Henning Pingel
henning/typo3.org

----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike at altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/

