TYPO3 version 4.2.3 contains fixes for these issues. Please read the entire security bulletins for more details:
Regarding the issue in backend module "file":
TYPO3 Security Bulletin TYPO3-20081113-1: Cross-Site Scripting vulnerability in TYPO3 Core
Regarding the issue in system extension "felogin":
TYPO3 Security Bulletin TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core
We also recommend that you subscribe to the TYPO3 Announce List to receive all future security bulletins and other important TYPO3 news.