Component Type: TYPO3 Core
Affected Version: TYPO3 version 4.2.2
Vulnerability Type: Cross Site Scripting
Vulnerability: Backend module "file" is susceptible to Cross-Site Scripting.
Solution: Update to TYPO3 version 4.2.3 that fixes the issue described.
Credits: Credits go to TYPO3 Security Team member Marcus Krause who reported the issue. The TYPO3 Security Team also wishes to thank Marcus Krause for fixing the issue in cooperation with the core team member Ingo Renner.