typo3 -- Multiple vulnerabilities in TYPO3 Core

2012-11-08T00:00:00
ID 79818EF9-2D10-11E2-9160-00262D5ED8EE
Type freebsd
Reporter FreeBSD
Modified 2012-11-08T00:00:00

Description

Typo Security Team reports:

TYPO3 Backend History Module - Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability. Credits go to Thomas Worm who discovered and reported the issue. TYPO3 Backend API - Failing to properly HTML-encode user input the tree render API (TCA-Tree) is susceptible to Cross-Site Scripting. TYPO3 Versions below 6.0 does not make us of this API, thus is not exploitable, if no third party extension is installed which uses this API. A valid backend login is required to exploit this vulnerability. Credits go to Richard Brain who discovered and reported the issue.