Cross Site Scripting vulnerabilities in TYPO3 core

By: Henning Pingel

It has been discovered that TYPO3 core is susceptible to two Cross Site Scripting (XSS) issues. The frontend plugin of system extension "felogin" and the backend module "file" are vulnerable.

TYPO3 version 4.2.3 contains fixes for these issues. Please read the entire security bulletins for more details:

 

Regarding the issue in backend module "file":

TYPO3 Security Bulletin TYPO3-20081113-1: Cross-Site Scripting vulnerability in TYPO3 Core

 

Regarding the issue in system extension "felogin":

TYPO3 Security Bulletin TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core

 

We also recommend that you subscribe to the TYPO3 Announce List to receive all future security bulletins and other important TYPO3 news.

---