Vulnerabilities in TYPO3 extensions
The TYPO3 developers have issued an advisory on vulnerabilities in third party extensions. Accessibility Glossary (a21glossary) and Flat Manager (flatmgr) are both vulnerable to SQL injection attacks and Calendar Base (cal) suffers from a cross-site scripting vulnerability.
While the developers of cal and flatmgr have issued updates, which are now available in the TYPO3 Extension Repository, the TYPO3 developers have been unable to contact the author of a21glossary. Because of the high severity of the issue and the lack of a security update, the developers have removed a21glossary from the extension repository and recommend that users un-install the extension.
- TYPO3-SA-2009-003: Several vulnerabilities in third party extensions, TYPO3 security bulletin.