Vulnerabilities in multiple third party TYPO3 CMS extensions
Dear TYPO3 users, several vulnerabilities have been found in the following third party TYPO3 extensions: "Browser - TYPO3 without PHP" (browser) "Questionnaire" (ke_questionnaire) "Static Methods since 2007" (div2007) "http:BL Blocking" (mh_httpbl) "MMC directmail subscription" (mmc_directmail_subscription) For further information on the issues, please read the related advisories TYPO3-EXT-SA-2016-013, TYPO3-EXT-SA-2016-014, TYPO3-EXT-SA-2016-015, TYPO3-EXT-SA-2016-016 and TYPO3-EXT-SA-2016-017 which were published today: TYPO3-EXT-SA-2016-013: SQL Injection in extension "Browser - TYPO3 without PHP" (browser) https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-013/ TYPO3-EXT-SA-2016-014: Information Disclosure in extension "Questionnaire" (ke_questionnaire) https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-014/ TYPO3-EXT-SA-2016-015: Non-Persistent Cross-Site Scripting in extension "Static Methods since 2007" (div2007) https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-015/ TYPO3-EXT-SA-2016-016: Multiple vulnerabilities in extension "http:BL Blocking" (mh_httpbl) https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-016/ TYPO3-EXT-SA-2016-017: Information Disclosure in "MMC directmail subscription" (mmc_directmail_subscription) https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2016-017/ In general the TYPO3 Security Team recommends to read the following pages: The TYPO3 Security Guide: https://docs.typo3.org/typo3cms/SecurityGuide/ Make sure you are subscribed to the TYPO3 Announce List: http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce See all TYPO3 security advisories: https://typo3.org/teams/security/security-bulletins/ Regards, Nicole Cordes Member of the TYPO3 Security Team -- TYPO3 Security Team homepage: https://typo3.org/teams/security/ E-Mail: security@typo3.org