Component Type: Third party extension. This extension is not part of the TYPO3 default installation
Affected Versions: Version 4.2.4 and all versions below
Vulnerability Type: XSS and SQL Injection
Problem Description: Multiple vulnerabilities have been found. Input from GET/POST variables is handled incorrectly, allowing an attacker to execute XSS and/or SQL Injection attacks.
Solution: An updated version is available from the TYPO3 extension manager at
General advice: Follow the recommendations that are given in the TYPO3 SECURITY Guide.
Credits: Credits go to the company Citeq, who sponsored the review of the extension and fixed the issues found. The review was performed by Peter Niederlag, Sven Gähle and partly Rupert German.