Skip to main navigation Skip to main content Skip to page footer
main logo main logo

Security Bulletin TYPO3-20061010-1: fe_adminLib.inc

10 October 2006 ยท Michael Hirdes 
Dear users of TYPO3,

A Cross-Site-Scripting (XSS) problem has been discovered in fe_adminLib.inc

The "backURL" parameter is not escaped correctly. A prepared URL could
potentially contain some unwanted JavaScript code.

A patched Version has been released under [1] 

The upcoming release 4.0.3 of TYPO3 will contain this patch. 

Please see [1] for instruction how to patch your installations. 

Also the TYPO33 Security Cookbook has been released under [2] please have a 
look at this. 

on behalf of the Security Team, 
Michael Hirdes

[1] http://typo3.org/teams/security/security-bulletins/typo3-20061010-1/
[2] http://typo3.org/teams/security/

-- 
TYPO3 Security Team
http://typo3.org/teams/security
Back to list