http://news.typo3.org/ news.typo3.org: The TYPO3 news resource http://news.typo3.org/ http://news.typo3.org/fileadmin/news.typo3.org/xmlicon.gif http://news.typo3.org/news/article/security-bulletin-typo3-20080513-4-multiple-vulnerabilities-in-extension-statistics-ke-stats/ It has been discovered that the extension Statistics (ke_stats) is vulnerable to Blind SQL Injection attacks. Also, a Cross Site Scripting issue has been found. http://news.typo3.org/news/article/security-bulletin-typo3-20080513-3-cross-site-scripting-vulnerability-in-extension-event-database/ It has been discovered that the extension Event Database (rlmp_eventdb) is susceptible to Cross Site Scripting (XSS) attacks. http://news.typo3.org/news/article/security-bulletin-typo3-20080513-2-cross-site-scripting-vulnerability-in-extension-questionaire-pb/ It has been discovered that the extension Questionaire (pbsurvey) is susceptible to Cross Site Scripting (XSS) attacks. http://news.typo3.org/news/article/security-bulletin-typo3-20080513-1-multiple-vulnerabilities-in-extension-wt-gallery-wt-gallery/ It has been discovered that the extension WT Gallery (wt_gallery) is susceptible to Path Traversal and Cross Site Scripting (XSS) attacks. Besides that, it may disclose sensitive information. http://news.typo3.org/news/article/security-bulletin-typo3-20080505-2-cross-site-scripting-vulnerability-in-extension-powermail/ It has been discovered that the extension powermail is susceptible to Cross Site Scripting (XSS) attacks. http://news.typo3.org/news/article/security-bulletin-typo3-20080505-1-multiple-vulnerabilities-in-extension-mailformplus-th-mailformp/ It has been discovered that the extension MailformPlus (th_mailformplus) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution. http://news.typo3.org/news/article/security-bulletin-typo3-20080416-2-sql-injections-in-extensions-pmk-rssnewsexport-and-cm-rdfexport/ It has been discovered that the extensions pmk_rssnewsexport and cm_rdfexport are vulnerable to SQL Injection attacks. http://news.typo3.org/news/article/security-bulletin-typo3-20080416-1-multiple-vulnerabilities-in-extension-de-phpot/ It has been discovered that the extension de_phpot is vulnerable to multiple SQL Injection flaws and other types of security issues. http://news.typo3.org/news/article/typo3-security-bulletin-20071210-1-sql-injection-in-system-extension-indexed-search/ It has been discovered that the system extension indexed_search is vulnerable to a SQL Injection flaw. http://news.typo3.org/news/article/typo3-security-bulletin-20070919-1-multiple-vulnerabilities-in-extension-mm-forum/ It has been discovered that the extension mm_forum is vulnerable to multiple SQL Injection attacks and multiple XSS flaws alongside other vulnerabilities.