• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TYPO3 Frontend User Registration Extension Multiple Input Validation Vulnerabilities

The Frontend User Registration extension for TYPO3 is prone to a cross-site scripting vulnerability and a remote command-execution vulnerability because it fails to properly verify user-supplied input.

An attacker may leverage these issues to delete arbitrary files on the webserver or to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks. Additional attacks may also be possible.

The following are affected:

- Versions prior to Frontend User Registration (sr_feuser_register) 2.2.8 (for TYPO3 version 3)
- Versions prior to Frontend User Registration (sr_feuser_register) 2.5.10 (for TYPO3 version 4)