[TYPO3-announce] Security issues in TYPO3 extension phpMyAdmin and several other third party extensions

Henning Pingel henning at typo3.org
Mon Nov 10 07:19:19 CET 2008

Dear users of TYPO3,

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is
vulnerable to Cross-Site Scripting.

Security issues have also been discovered in the following third
party TYPO3 extensions:

"advCalendar" (advcalendar),
"CMS Poll system" (cms_poll),
"eLuna Page Comments" (eluna_pagecomments),
"Wir ber uns" [sic] (fsmi_people),
"Dictionary" (rtgdictionary).

For further information, please read the following bulletins:

TYPO3 Security Bulletin TYPO3-20081110-1: Cross-Site Scripting
vulnerability in extension phpMyAdmin (phpmyadmin)


TYPO3 Collective Security Bulletin TYPO3-20081110-2: Several
vulnerabilities in third party extensions


In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:

Make sure you are subscribed to the TYPO3 Announce List:

You can find all TYPO3 security bulletins at:


Henning Pingel
henning at typo3.org

More information about the TYPO3-announce mailing list