Freely subscribe to our NEWSLETTER

Vigil@nce: TYPO3, vulnerabilities of extensions

April 2010 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of TYPO3 extensions in
order to generate a Cross Site Scripting or to inject SQL code.

– Severity: 2/4
– Creation date: 14/04/2010

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in TYPO3 extensions.

An attacker can generate a Cross Site Scripting in Frontend User
Registration (sr_feuser_register). [severity:2/4;
TYPO3-SA-2010-009]

An attacker can generate a Cross Site Scripting in Tip-A-Friend
(tipafriend). [severity:2/4; BID-39475, TYPO3-SA-2010-010]

An attacker can generate a SQL injection in 404 Error Page
Handling (error_404_handling). [severity:2/4; BID-39476,
TYPO3-SA-2010-011]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

See previous articles