In association with heise online

06 March 2009, 10:40

Vulnerabilities in TYPO3 extensions

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The TYPO3 developers have issued an advisory on vulnerabilities in third party extensions. Accessibility Glossary (a21glossary) and Flat Manager (flatmgr) are both vulnerable to SQL injection attacks and Calendar Base (cal) suffers from a cross-site scripting vulnerability.

While the developers of cal and flatmgr have issued updates, which are now available in the TYPO3 Extension Repository, the TYPO3 developers have been unable to contact the author of a21glossary. Because of the high severity of the issue and the lack of a security update, the developers have removed a21glossary from the extension repository and recommend that users un-install the extension.

See also:

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-740381
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit