Security Bulletins

Multiple vulnerabilities in third-party extensions

Authors: Marcus Krause, Category: TYPO3 Extension August 11, 2010

Several vulnerabilities have been found in the following third party TYPO3 extensions: Event (event), Fe user statistic (festat), JW Calendar (jw_calendar), Questionnaire (ke_questionnaire), Branchenbuch [Yellow Pages] (mh_branchenbuch), Webkit PDFs (webkitpdf), xaJax Shoutbox (vx_xajax_shoutbox)


Multiple vulnerabilities in TYPO3 Core

Authors: Helmut Hummel, Category: TYPO3 CMS July 28, 2010

It has been discovered that TYPO3 Core is vulnerable to Cross-Site Scripting (XSS), Open Redirection, SQL Injection, Broken Authentication and Session Management, Insecure Randomness, Information Disclosure, Arbitrary Code Execution