TYPO3-20051114-2: TYPO3 Security Bulletin

Categories: TYPO3 CMS

Created by Ekkehard Gümbel

A Cross Site Scripting issue has been found in showpic.php.

 

Component Type: Core

 

Affected Components: showpic.php

 

Versions: TYPO3 3.8.0 and earlier

Vulnerability Type: Cross Site Scripting

Severity: High

 

Problem Description:
A Cross Site Scripting issue has been found in showpic.php.

 

Solution:

The solution is part of the general maintenance upgrade to TYPO3 version 3.8.1, which all users of TYPO3 are advised to implement. It contains a fixed version of the script.

Please note that, because of this fix, the images in typo3temp need to be cleared after upgrading; otherwise a "parameter mismatch" error message will be generated in "click enlarge" windows.

 

Credits:
Thanks to Martin Klaus for providing a fix.