Component Type: Core
Affected Components: showpic.php
Versions: TYPO3 3.8.0 and earlier
Vulnerability Type: Cross Site Scripting
Severity: High
Problem Description:
A Cross Site Scripting issue has been found in showpic.php.
Solution:
The solution is part of the general maintenance upgrade to TYPO3 version 3.8.1, which all users of TYPO3 are advised to implement. It contains a fixed version of the script.
Please note that, because of this fix, the images in typo3temp need to be cleared after upgrading; otherwise a "parameter mismatch" error message will be generated in "click enlarge" windows.
Credits:
Thanks to Martin Klaus for providing a fix.