TYPO3 Core TYPO3-SA-2010-020 Multiple Security Vulnerabilities

TYPO3 is prone to multiple security vulnerabilities, including:

Multiple cross-site-scripting vulnerabilities
Multiple remote file-disclosure vulnerabilities
A privilege-escalation vulnerability
A denial-of-service vulnerability

An attacker can exploit these issues to view and read arbitrary files, execute arbitrary script code, steal cookie-based authentication credentials, gain unauthorized access to the affected application, and deny service to legitimate users. Other attacks are also possible.

The follow versions are affected:

TYPO3 4.2 (4.2.14 and prior)
TYPO3 4.3 (4.3.6 and prior)
TYPO3 4.4 (4.4.3 and prior)


Privacy Statement
Copyright 2010, SecurityFocus