Vigil@nce: TYPO3, vulnerabilities of extensions
April 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of TYPO3 extensions in
order to generate a Cross Site Scripting or to inject SQL code.
– Severity: 2/4
– Creation date: 14/04/2010
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in TYPO3 extensions.
An attacker can generate a Cross Site Scripting in Frontend User
Registration (sr_feuser_register). [severity:2/4;
TYPO3-SA-2010-009]
An attacker can generate a Cross Site Scripting in Tip-A-Friend
(tipafriend). [severity:2/4; BID-39475, TYPO3-SA-2010-010]
An attacker can generate a SQL injection in 404 Error Page
Handling (error_404_handling). [severity:2/4; BID-39476,
TYPO3-SA-2010-011]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-vulnerabilities-of-extensions-9587