[Secure-testing-team] Bug#505324: typo3-src: Cross-Site Scripting (XSS) in BE module fileadmin
Christian Welzel
gawain at camlann.de
Tue Nov 11 18:46:08 UTC 2008
Package: typo3-src
Version: 4.2.2
Severity: grave
Tags: security
Justification: user security hole
the version 4.2.2 of typo3 is vulnerable to a xss attack in the backend
modul "fileadmin".
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (650, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
More information about the Secure-testing-team
mailing list