Component Type: Third Party Extension. The extension is not part of the
TYPO3 default installation
Affected Components: tipafriend
Versions: 1.2.1 and earlier
Vulnerability Type: Cross Site Scripting
An updated version 1.2.2 is available in the extension repository and at typo3.org/extensions/repository/search/tipafriend/1.2.2/
Users of the extension tipafriend are advised to update the extension immidiately.
Credits: Special thanks to Rupert Germann, who is not the extension author, but volunteered to update the extension