| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Sep 2006 13:16:28 +0200 From: Moritz Naumann <security@...itz-naumann.com> To: Full Disclosure <full-disclosure@...ts.grok.org.uk>, bugtraq@...urityfocus.com Subject: Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There's a XSS issue in the 'Indexed search' extension 2.9.0 for Typo3. This extension is part of a default Typo3 4.0.x installlation. Typo3 4.0.2 fixes it. http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/ Credits go to Mr. Ekkehard Gümbel (discovery) and Mr. Ingmar Schlecht (patch). This is rather old, dating back to september 11th. Unfortunately Typo3 advisories rarely end up here. http://typo3.org/teams/security/security-bulletins/ Moritz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFF7qMn6GkvSd/BgwRAoNkAJ0aT/fKl7juL2J/BMu/R6agJqxykwCdGqc8 Mufef7E2mYQKUgFibpnoKbs= =CWLZ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists