Component Type: Third party extension. This extension is not part of the TYPO3 default installation.
Affected Versions: Version 1.9.3 and below
Vulnerability Type: SQL Injection, Cross Site Scripting
Problem Description: Some versions of the extension are vulnerable to SQL injection because they fail to properly sanitize user-supplied input. In addition, some versions do not properly prevent Cross Site Scripting attacks.
Solution: An updated version is available from the TYPO3 extension manager and at
Follow the recommendations given in the TYPO3 Security Guide.
Keep an eye on the TYPO3 security bulletin page at typo3.org/teams/security/security-bulletins/.
Annotation: The TYPO3 Security Team wishes to clarify that we have not yet
been able to get in touch with the author, nor to accomplish a formal
review of the extension. This advisory is being published nevertheless,
because we have received indications that the flaw is already being