Component Type: System Extension
This Extension is Part of the TYPO3 default installation
Affected Components: Indexed Search
Versions: 2.9.0 under TYPO3 4.x
Vulnerability Type: Cross Site Scripting
Upgrade to TYPO3 4.0.2 or apply the Patch which is provided on the security team page under the Security Bulletin
Credits: Special thanks to Mr. Ekkehard Gümbel who pointed this one out to us, and to Mr. Michael Stucki, who provided the Patch.