TYPO3 Core TYPO3-SA-2012-005 Multiple Remote Security Vulnerabilities

TYPO3 is prone to multiple remote vulnerabilities including:

1. A cross-site scripting vulnerability
2. An information-disclosure vulnerability
3. An SQL-injection vulnerability,
4. Multiple HTML-injection vulnerabilities

Successful exploiting these issues may allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the website, steal cookie-based credentials, disclose sensitive information, access or modify data, or exploit vulnerabilities in the underlying database. Other attacks are also possible.

The follow versions are affected:

TYPO3 4.5.20 and prior
TYPO3 4.6.13 and prior
TYPO3 4.7.5 and prior


Privacy Statement
Copyright 2010, SecurityFocus