[TYPO3-announce] Cross Site Scripting vulnerabilities in TYPO3 core

Henning Pingel henning at typo3.org
Thu Nov 13 07:39:07 CET 2008


Dear users of TYPO3,

It has been discovered that TYPO3 core is susceptible to two Cross Site
Scripting (XSS) issues. The frontend plugin of system extension
"felogin" and the backend module "file" are vulnerable.

TYPO3 version 4.2.3 contains fixes for these issues. Please read the
entire security bulletins for more details:

Regarding the issue in backend module "file": TYPO3 Security Bulletin
TYPO3-20081113-1: Cross-Site Scripting vulnerability in TYPO3 Core

<http://typo3.org/teams/security/security-bulletins/typo3-20081113-1/>

Regarding the issue in system extension "felogin": TYPO3 Security
Bulletin TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core

<http://typo3.org/teams/security/security-bulletins/typo3-20081113-2/>

In general, the TYPO3 Security Team recommends reading the following pages:

The TYPO3 Security Cookbook:
<http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf>

Make sure you are subscribed to the TYPO3 Announce List:
<http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce>

You can find all TYPO3 security bulletins at:
<http://typo3.org/teams/security/security-bulletins/>

Regards,

Henning Pingel
henning at typo3.org