Professional Content Management

Free and open source, TYPO3 CMS is the most widely used enterprise-level CMS.

Test TYPO3 now:

TYPO3 live demo

Inspire people to share

Offer your skills and contribute to the project. The community is growing and does more than just coding. 

A Community Effort

TYPO3 CMS is an Open Source project managed by the TYPO3 Association.

The Project

Do you have a question?

Ask the community or a professional partner.

SECURITY-BULLETIN-TYPO3-20060902-1-TIP-A-FRIEND: Security Bulletin TYPO3-20060902-1: tip-a-friend

Categories: Security Created by Michael Hirdes
A problem has been discovered with tip-a-friend being vulnerable to Cross-Site-Scripting (XSS)

Component Type: Third Party Extension. The extension is not part of the
TYPO3 default installation

Affected Components: tipafriend

Versions:  1.2.1 and earlier

Vulnerability Type: Cross Site Scripting

Severity:low

Problem Description:
A problem has been discovered in the extension, which allows attackers to send emails in the name of the website but with a prepared URL that contains HTML content. It is not possible to inster Javascript Code.

Solution:

An updated version 1.2.2 is available in the extension repository and at extensions.typo3.org/extensions/tipafriend

Users of the extension tipafriend are advised to update the extension immidiately.

 Credits: Special thanks to Rupert Germann, who is not the extension author, but volunteered to update the extension