Professional Content Management

Free and open source, TYPO3 CMS is the most widely used enterprise-level CMS.

Test TYPO3 now:

TYPO3 live demo

Inspire people to share

Offer your skills and contribute to the project. The community is growing and does more than just coding. 

A Community Effort

TYPO3 CMS is an Open Source project managed by the TYPO3 Association.

The Project

Do you have a question?

Ask the community or a professional partner.

SECURITY-BULLETIN-TYPO3-20060911-1-INDEXED-SEARCH: Security Bulletin TYPO3-20060911-1: indexed search

Categories: Security Created by Michael Hirdes
A Cross-Site-Scripting (XSS) problem has been discovered in indexed search.

Component Type: System Extension
This Extension is Part of the TYPO3 default installation

Affected Components: Indexed Search

Versions:  2.9.0 under TYPO3 4.x

Vulnerability Type: Cross Site Scripting

Severity: medium

The search word was not escaped correctly so a prepared URL (e.g. referenced in an email) could potentially contain some unwanted JavaScript code.

Solution:

Upgrade to TYPO3 4.0.2 or apply the Patch which is provided on the  security team page under the Security Bulletin

 

Credits: Special thanks to Mr. Ekkehard Gümbel who pointed this one out to us, and to Mr. Michael Stucki, who provided the Patch.