Skip to main navigation Skip to main content Skip to page footer
main logo main logo

Vulnerabilities in multiple third party TYPO3 CMS extensions

3 March 2016 ยท Nicole Cordes 
Dear TYPO3 users,

 

several vulnerabilities have been found in the following third party TYPO3
extensions:

 

"UTOPIA" (ics_utopia)

"List frontend users" (listfeusers)

"Google Sitemap" (enter_new_weeaar_googlesitemap)

"Fe user statistic" (festat)

"Extension Kickstarter" (kickstarter)

"Apache Solr for TYPO3" (solr)

 

For further information on the issues, please read the related advisories
TYPO3-EXT-SA-2016-001, TYPO3-EXT-SA-2016-002, TYPO3-EXT-SA-2016-003,
TYPO3-EXT-SA-2016-004, TYPO3-EXT-SA-2016-005 and TYPO3-EXT-SA-2016-006 which
were published today:

 

TYPO3-EXT-SA-2016-001: Information Disclosure in extension "UTOPIA"
(ics_utopia)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e
xt-sa-2016-001/

 

TYPO3-EXT-SA-2016-002: Cross-Site Scripting in extension "List frontend
users" (listfeusers)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e
xt-sa-2016-002/

 

TYPO3-EXT-SA-2016-003: Cross-Site Scripting in extension "Google Sitemap"
(enter_new_weeaar_googlesitemap)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e
xt-sa-2016-003/

 

TYPO3-EXT-SA-2016-004: Multiple vulnerabilities in extension "Fe user
statistic" (festat)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e
xt-sa-2016-004/

 

TYPO3-EXT-SA-2016-005: Cross-Site Scripting in extension "Extension
Kickstarter" (kickstarter)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e
xt-sa-2016-005/

 

TYPO3-EXT-SA-2016-006: Cross-Site Scripting in extension "Apache Solr for
TYPO3" (solr)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-e
xt-sa-2016-006/

 

 

In general the TYPO3 Security Team recommends to read the following pages:

 

The TYPO3 Security Guide:

https://docs.typo3.org/typo3cms/SecurityGuide/

 

Make sure you are subscribed to the TYPO3 Announce List:

http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

 

See all TYPO3 security advisories:

https://typo3.org/teams/security/security-bulletins/

 

 

Regards,

 

Nicole Cordes

Member of the TYPO3 Security Team

 

--

TYPO3 Security Team homepage: https://typo3.org/teams/security/

 

E-Mail: security@typo3.org
Back to list