
11/14/05

Security Bulletin TYPO3-20051114-2: showpic.php

Component Type: Core


Affected Components: showpic.php


Versions: TYPO3 3.8.0 and earlier

Vulnerability Type: Cross Site Scripting

Severity: High

Problem Description:
A Cross Site Scripting issue has been found in showpic.php.

Solution:

The solution is part of the general maintenance upgrade to TYPO3 version 3.8.1, which all users of TYPO3 are advised to implement. It contains a fixed version of the script.

Please note that, because of this change, the images in typo3temp need to be cleared after upgrading; otherwise a "parameter mismatch" error message will be generated in "click enlarge" windows.

Credits:
Thanks to Martin Klaus for providing a fix.