Component Type: Core
Affected Components: showpic.php
Versions: TYPO3 3.8.0 and earlier
Vulnerability Type: Cross Site Scripting
A Cross Site Scripting issue has been found in showpic.php.
The solution is part of the general maintenance upgrade to TYPO3 version 3.8.1, which all users of TYPO3 are advised to implement. It contains a fixed version of the script.
Please note that due to this the images in typo3temp need to be cleared after upgrading, otherwise a "parameter mismatch" error message will be generated in "click enlarge" windows.
Thanks to Martin Klaus for providing a fix.