[Full-disclosure] Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0

2006-09-25T00:00:00
ID SECURITYVULNS:DOC:14406
Type securityvulns
Reporter Securityvulns
Modified 2006-09-25T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

There's a XSS issue in the 'Indexed search' extension 2.9.0 for Typo3. This extension is part of a default Typo3 4.0.x installlation.

Typo3 4.0.2 fixes it.

http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/

Credits go to Mr. Ekkehard Gumbel (discovery) and Mr. Ingmar Schlecht (patch).

This is rather old, dating back to september 11th. Unfortunately Typo3 advisories rarely end up here. http://typo3.org/teams/security/security-bulletins/

Moritz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFF7qMn6GkvSd/BgwRAoNkAJ0aT/fKl7juL2J/BMu/R6agJqxykwCdGqc8 Mufef7E2mYQKUgFibpnoKbs= =CWLZ -----END PGP SIGNATURE-----