In association with heise online

13 November 2008, 14:58

Security update for Typo3

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Version 4.2.3 of the Typo3 content management system deals with two cross-site scripting vulnerabilities that allow an attacker to inject and execute JavaScript. The attacker would normally exploit the vulnerability to steal access data. The bugs are located in the felogin system extension and the file backend module. The felogin vulnerability can be exploited simply by tricking a user to follow a specially crafted link. However, the developers claim that the bug in file can only be exploited if the target is a backend user or if the attacker is in possession of information about the server's web folder structure. Versions 4.2.x are affected. Users of the felogin extension should update their system as soon as possible. Earlier this week, a collective security bulletin was issued describing vulnerabilities in a number of Typo3 third party extensions.

See also


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit