Release Date: May 31, 2016
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: version 1.6.8 and below
Vulnerability Type: Cross-Site Scripting
Problem Description: Using an own version of the class GeneralUtility the extension div2007 is susceptible to Non-Persistent Cross-Site Scripting. Further information can be found in the TYPO3-CORE-SA-2015-009 advisory.
Solution: An updated version 1.6.9 is available from the TYPO3 Extension Manager and at https://typo3.org/extensions/repository/download/div2007/1.6.9/t3x/. Users of the extension are advised to update the extension as soon as possible.
Credits: Credits go to Stephan Großberndt who discovered and reported the vulnerability.