Component Type: TYPO3 Core
Affected Versions: 4.5.0 up to 4.5.16, 4.6.0 up to 4.6.9, 4.7.0 up to 4.7.1 and development releases of the 6.0 branch.
Bulletin history: July 4, 2012 - corrected Secunia Advisory ID
Vulnerable subcomponent: Flash File Uploader
Vulnerability Type: Cross-Site Scripting
Note: The vulnerability in the swfupload library is addressed by Secunia Advisory SA49651.
Solution: Update to TYPO3 version 4.5.17, 4.6.10 or 4.7.2, which fix the problem described.
Credits: Credits go to Nathan Partlan and Neal Poole, who discovered the original movieName XSS vulnerability in the swfupload library, and to Lukas Reschke, who reported the problem to the TYPO3 Security Team.