CROSS-SITE-SCRIPTING-VULNERABILITIES-IN-TYPO3-CORE: Cross Site Scripting vulnerabilities in TYPO3 core

Categories: Security Created by Henning Pingel
It has been discovered that TYPO3 core is susceptible to two Cross Site Scripting (XSS) issues. The frontend plugin of system extension "felogin" and the backend module "file" are vulnerable.

TYPO3 version 4.2.3 contains fixes for these issues. Please read the entire security bulletins for more details:

Regarding the issue in backend module "file":

TYPO3 Security Bulletin TYPO3-20081113-1: Cross-Site Scripting vulnerability in TYPO3 Core

Regarding the issue in system extension "felogin":

TYPO3 Security Bulletin TYPO3-20081113-2: Cross-Site Scripting vulnerability in TYPO3 Core


We also recommend that you subscribe to the TYPO3 Announce List to receive all future security bulletins and other important TYPO3 news.