Vigil@nce - TYPO3: vulnerabilities of extensions
June 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of TYPO3 extensions in
order to generate a Cross Site Scripting or to inject SQL code.
Severity: 2/4
Creation date: 08/06/2012
IMPACTED PRODUCTS
– TYPO3
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in TYPO3 extensions.
An attacker can generate an SQL injection in the "Basic SEO
Features" (seo_basics) extension. [severity:2/4;
TYPO3-EXT-SA-2012-007]
An attacker can generate a Cross Site Scripting in the "Ameos
Formidable" (ameos_formidable) extension. [severity:2/4;
TYPO3-EXT-SA-2012-008]
An attacker can generate a Cross Site Scripting in the "powermail"
(powermail) extension. [severity:2/4; TYPO3-EXT-SA-2012-009]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-vulnerabilities-of-extensions-11684