TYPO3-20051114-2: TYPO3 Security Bulletin

Categories: TYPO3 CMS

Created by Ekkehard Gümbel

Component Type: Core

Affected Components: showpic.php

Versions: TYPO3 3.8.0 and earlier

Vulnerability Type: Cross Site Scripting

Severity: High

Problem Description:
A Cross Site Scripting issue has been found in showpic.php.

Solution:

The solution is part of the general maintenance upgrade to TYPO3 version 3.8.1, which all users of TYPO3 are advised to implement. It contains a fixed version of the script.

Please note that, due to this, the images in typo3temp need to be cleared after upgrading; otherwise a "parameter mismatch" error message will be generated in "click enlarge" windows.

Credits:
Thanks to Martin Klaus for providing a fix.