TYPO3 updates close File Uploader vulnerability
The File Uploader vulnerability could have been exploited by an attacker to execute arbitrary code in a browser session and conduct cross-site scripting (XSS) attacks. Versions 4.5.0 to 4.5.16, 4.6.0 to 4.6.9, 4.7.0 and 4.7.1, as well as the 6.0 branch development releases, are affected; upgrading to TYPO3 4.5.17, 4.6.10 or 4.7.2 resolves the problem.
Further information about the updates, including a full list of bug fixes, can be found in the 4.5.17, 4.6.10 and 4.7.2 release notes, and in the security advisory. The updates are available to download from the project's site. All users are advised to update their installations as soon as possible. TYPO3 is licensed under the GPLv2 or later.
- Cross-Site Scripting Vulnerability in TYPO3 Core, security advisory from TYPO3.