Dear TYPO3 users,
?
?
It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting
(XSS), Open Redirection, SQL Injection,?Broken Authentication and Session
Management, Insecure Randomness, Information Disclosure and Arbitrary Code
Execution.
?
Please read the following advisory for a description and solution of all
TYPO3 Core issues:
?
TYPO3 Security Bulletin TYPO3-SA-2010-012: Vulnerability in TYPO3 Core
<http: typo3.org teams security security-bulletins typo3-sa-2010-012></http:>
?
?
?
Please read the following advisory for a description and solution of the
"Front End User Registration" issue:
?
TYPO3 Security Bulletin TYPO3-SA-2010-013: Vulnerabilitiy in extension "Front
End User Registration" (sr_feuser_register)
<http: typo3.org teams security security-bulletins typo3-sa-2010-013></http:>
?
?
?
?
In general the TYPO3 Security Team recommends to read the following pages:
?
The TYPO3 Security Cookbook:
<http: typo3.org fileadmin security-team typo3_security_cookbook_v-0.5.pdf>
?
Make sure you are subscribed to the TYPO3 Announce List:
<http: lists.typo3.org cgi-bin mailman listinfo typo3-announce>
?
See all TYPO3 security advisories:
<http: typo3.org teams security security-bulletins></http:>
?
?
?
Regards,
?
Helmut Hummel
Member of the TYPO3 Security Team
Regards,
Helmut Hummel
Member of the TYPO3 Security Team
--
TYPO3 Security Team homepage: [1]http://typo3.org/teams/security/
E-Mail: security@typo3.org
Please note: When replying to this e-mail, please leave the header intact.
[1] <a href="http://typo3.org/teams/security/" target="_blank" rel="noreferrer">http://typo3.org/teams/security/</a></http:></http:>
