Component Type: TYPO3 Core
Affected Versions: TYPO3 versions 4.2.0, 4.2.1 and 4.2.2
Vulnerability Type: Cross-Site Scripting
Vulnerability: The frontend plugin of system extension "felogin" is susceptible to Cross-Site Scripting.
Severity: Medium
Problem Description: Because it fails to filter user input, the system extension is susceptible to Cross-Site Scripting, which makes it possible to execute arbitrary JavaScript.
Note: This vulnerability can be exploited to execute arbitrary JavaScript by tricking a website user into following a specially crafted link. Users of system extension felogin are strongly advised to update their TYPO3 version. TYPO3 versions below 4.2.x are not vulnerable!
Solution: Update to TYPO3 version 4.2.3, which fixes the issue described.
Credits: Credits go to Dirk Hoffmann who reported the issue. The TYPO3 Security Team also wishes to thank TYPO3 Core Team members Dmitry Dulepov and Steffen Kamper for fixing the issue.