[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4517BA8C.7080405@moritz-naumann.com>
Date: Mon, 25 Sep 2006 13:16:28 +0200
From: Moritz Naumann <security@...itz-naumann.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
bugtraq@...urityfocus.com
Subject: Typo3 v4.x: XSS in extension "Indexed Search"
v2.9.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There's a XSS issue in the 'Indexed search' extension 2.9.0 for Typo3.
This extension is part of a default Typo3 4.0.x installlation.
Typo3 4.0.2 fixes it.
http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/
Credits go to Mr. Ekkehard Gümbel (discovery) and Mr. Ingmar Schlecht
(patch).
This is rather old, dating back to september 11th. Unfortunately Typo3
advisories rarely end up here.
http://typo3.org/teams/security/security-bulletins/
Moritz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFF7qMn6GkvSd/BgwRAoNkAJ0aT/fKl7juL2J/BMu/R6agJqxykwCdGqc8
Mufef7E2mYQKUgFibpnoKbs=
=CWLZ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists