• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TYPO3 WT Gallery Extension Multiple Input Validation Vulnerabilities

The WT Gallery extension for TYPO3 is prone to a cross-site scripting vulnerability and multiple information-disclosure vulnerabilities because it fails to properly verify user-supplied input.

An attacker may leverage these issues to obtain potentially sensitive information and to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.

WT Gallery (wt_gallery) 2.6.2 and earlier are affected by the cross-site scripting issue.
WT Gallery (wt_gallery) 2.5.0 and earlier are affected by the information-disclosure issues.