lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4517BA8C.7080405@moritz-naumann.com>
Date: Mon, 25 Sep 2006 13:16:28 +0200
From: Moritz Naumann <security@...itz-naumann.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>, 
	bugtraq@...urityfocus.com
Subject: Typo3 v4.x: XSS in extension "Indexed Search"
	v2.9.0

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There's a XSS issue in the 'Indexed search' extension 2.9.0 for Typo3.
This extension is part of a default Typo3 4.0.x installlation.

Typo3 4.0.2 fixes it.

http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/

Credits go to Mr. Ekkehard Gümbel (discovery) and Mr. Ingmar Schlecht
(patch).

This is rather old, dating back to september 11th. Unfortunately Typo3
advisories rarely end up here.
http://typo3.org/teams/security/security-bulletins/

Moritz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFF7qMn6GkvSd/BgwRAoNkAJ0aT/fKl7juL2J/BMu/R6agJqxykwCdGqc8
Mufef7E2mYQKUgFibpnoKbs=
=CWLZ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ