
Cross Site Scripting vulnerabilities in TYPO3 core

13 November 2008 · Henning Pingel

Dear users of TYPO3,

It has been discovered that TYPO3 core is susceptible to two Cross Site
Scripting (XSS) issues. The frontend plugin of system extension
"felogin" and the backend module "file" are vulnerable.

TYPO3 version 4.2.3 contains fixes for these issues. Please read the
entire security bulletins for more details:

Regarding the issue in backend module "file": TYPO3 Security Bulletin
TYPO3-20081113-1: Cross-Site Scripting vulnerability in TYPO3 Core

<http://typo3.org/teams/security/security-bulletins/typo3-20081113-1>

Regarding the issue in system extension "felogin": TYPO3 Security
Bulletin TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core

<http://typo3.org/teams/security/security-bulletins/typo3-20081113-2>

In general, the TYPO3 Security Team recommends reading the following pages:

The TYPO3 Security Cookbook:
<http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf>

Make sure you are subscribed to the TYPO3 Announce List:
<http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce>

You can find all TYPO3 security bulletins at:
<http://typo3.org/teams/security/security-bulletins>

Regards,

Henning Pingel
henning@typo3.org