Component Type: Third party extension. This extension is not part of the TYPO3 default installation.
Affected Versions: Version 1.9.3 and below
Vulnerability Type: SQL Injection, Cross Site Scripting
Problem Description: Some versions of the extension are exposed to SQL injection because they fail to properly sanitize user-supplied input. In addition, some versions do not properly prevent Cross Site Scripting attacks.
Solution: An updated version is available from the TYPO3 extension manager and at
Annotation: The TYPO3 Security Team wishes to clarify that we have not yet
been able to get in touch with the author, nor to accomplish a formal
review of the extension. This advisory is being published nevertheless,
because we have received indications that the flaw is already being