[TYPO3-english] XSS vulnerability in weeaar_googlesitemap?
Olivier Dobberkau
olivier.dobberkau at dkd.de
Thu Sep 4 10:19:47 CEST 2014
Am 03.09.14 um 18:51 schrieb Daniel Neugebauer:
> Hi!
>
> I just got the note that weeaar_googlesitemap is supposed to be
> vulnerable to cross-site scripting [1]. Unfortunately there are no
> details if that vulnerability only affects backend or also frontend and
> if it is exploitable through other means than the PAGE TLO configured in
> TypoScript (eID maybe?).
>
> Can anyone share some more details to assess the risk of keeping that
> extension running despite the known vulnerability?
>
> Thanks,
> Daniel
Its common sense to ask the issuer of the bulletin instead of a public
forum.
please use security at typo3.org for such questions.
Olivier
More information about the TYPO3-english
mailing list