Security issues in third party TYPO3 extensions "Formhandler" (formhandler) and "Questionaire" (pbsurvey)

Dear TYPO3 users,

SQL Injection and Cross Site Scripting vulnerabilities have been found in the following third party
TYPO3 extension: "Formhandler" (formhandler)

For further information on the issues in extension "Formhandler" (formhandler),
please read the related advisory TYPO3-EXT-SA-2011-003 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-003/


Cross Site Scripting vulnerabilities have been found in the following third party
TYPO3 extension: "Questionaire" (pbsurvey)

For further information on the issues in extension "Questionaire" (pbsurvey),
please read the related advisory TYPO3-EXT-SA-2011-004 that was published today:
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-004/




In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:
http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf

Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
http://typo3.org/teams/security/security-bulletins/



Regards,

Helmut Hummel
Member of the TYPO3 Security Team

--
TYPO3 Security Team homepage: http://typo3.org/teams/security/

E-Mail: security@typo3.org

_______________________________________________
TYPO3-announce mailing list
TYPO3-announce at lists.typo3.org
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce