[TYPO3-announce] Security Bulletin TYPO3-20061010-1: fe_adminLib.inc

Michael Hirdes dodger at typo3.org
Tue Oct 10 15:43:07 CEST 2006


Dear users of TYPO3,

A Cross-Site Scripting (XSS) problem has been discovered in fe_adminLib.inc.

The "backURL" parameter is not escaped correctly. A prepared URL could
potentially contain some unwanted JavaScript code.
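To make the bug class concrete, here is an added illustration of an unescaped "back URL" parameter beside its hardened form. This is not the code of fe_adminLib.inc or of the TYPO3 patch; the function names and the sample value are hypothetical, and the local-path check is an extra hardening step that goes beyond plain escaping.

```php
<?php
// Added illustration of the bug class in this bulletin. NOT the code of
// fe_adminLib.inc; function names and sample values are hypothetical.

// Vulnerable pattern: the request parameter is copied into markup verbatim,
// so a value containing quotes or angle brackets can break out of the
// href attribute and inject its own HTML or script.
function render_back_link_unsafe(string $backURL): string
{
    return '<a href="' . $backURL . '">Back</a>';
}

// Hardened pattern: encode for the HTML attribute context. ENT_QUOTES makes
// htmlspecialchars() encode both ' and " in addition to <, > and &.
function render_back_link_safe(string $backURL): string
{
    $encoded = htmlspecialchars($backURL, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $encoded . '">Back</a>';
}

// Extra check (assumption, not part of the bulletin): only accept a relative
// path on the same site. This also rejects absolute URLs, "javascript:"
// style schemes, protocol-relative "//host" forms and control characters.
function is_safe_local_url(string $url): bool
{
    if ($url === '' || $url[0] !== '/') {
        return false;
    }
    if (isset($url[1]) && ($url[1] === '/' || $url[1] === '\\')) {
        return false;
    }
    return preg_match('/[\x00-\x1F\x7F]/', $url) === 0;
}

// Constructed sample value containing the characters that matter.
$sample = '/index.php?id=1&back="<x>"';

// Escaping turns the quotes and brackets into entities, so the attribute
// boundary cannot be broken; the unsafe variant emits them as-is.
echo render_back_link_unsafe($sample), "\n";
echo render_back_link_safe($sample), "\n";

// Typical request handling: validate first, then fall back to a safe default
// and always encode at the point of output.
$input = isset($_GET['backURL']) ? (string) $_GET['backURL'] : '/';
$backURL = is_safe_local_url($input) ? $input : '/';
echo render_back_link_safe($backURL), "\n";
```

Note that the two defences are independent: encoding at output time fixes the XSS regardless of the value, while the path check additionally limits where the link can point. Encoding must match the output context; a value placed into JavaScript or into a URL query component needs its own encoder rather than htmlspecialchars().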

A patched version has been released under [1].

The upcoming release 4.0.3 of TYPO3 will contain this patch. 

Please see [1] for instructions on how to patch your installations.

The TYPO3 Security Cookbook has also been released under [2]; please have a
look at it.

On behalf of the Security Team,
Michael Hirdes

[1] http://typo3.org/teams/security/security-bulletins/typo3-20061010-1/
[2] http://typo3.org/teams/security/

-- 
TYPO3 Security Team
http://typo3.org/teams/security
