TYPO3 News & Events Hub
What’s New & What’s Coming
Multiple vulnerabilities in extension Frontend Filemanager (air_filemanager)
It has been discovered that the extension Frontend Filemanager (air_filemanager) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution.
Read moreSecurity Bulletin TYPO3-20080515-2: Multiple vulnerabilities in extension Frontend Filemanager (air_filemanager)
It has been discovered that the extension Frontend Filemanager (air_filemanager) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution.
Security Bulletin TYPO3-20080515-1: Multiple vulnerabilities in extension Frontend User Registration (sr_feuser_register)
It has been discovered that the extension Frontend User Registration (sr_feuser_register) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Command Execution.
Multiple vulnerabilities in extension Statistics (ke_stats)
It has been discovered that the extension Statistics (ke_stats) is vulnerable to Blind SQL Injection attacks. Also, a Cross Site Scripting issue has been found.
Cross Site Scripting vulnerability in extension Event Database (rlmp_eventdb)
It has been discovered that the extension Event Database (rlmp_eventdb) is susceptible to Cross Site Scripting (XSS) attacks.
Cross Site Scripting vulnerability in extension Questionaire (pbsurvey)
It has been discovered that the extension Questionaire (pbsurvey) is susceptible to Cross Site Scripting (XSS) attacks.
Multiple vulnerabilities in extension WT Gallery (wt_gallery)
It has been discovered that the extension wt_gallery is susceptible to Path Traversal and Cross Site Scripting (XSS) attacks. Besides that, it may disclose sensitive information.
Security Bulletin TYPO3-20080513-4: Multiple vulnerabilities in extension Statistics (ke_stats)
It has been discovered that the extension Statistics (ke_stats) is vulnerable to Blind SQL Injection attacks. Also, a Cross Site Scripting issue has been found.
Security Bulletin TYPO3-20080513-3: Cross Site Scripting vulnerability in extension Event Database (rlmp_eventdb)
It has been discovered that the extension Event Database (rlmp_eventdb) is susceptible to Cross Site Scripting (XSS) attacks.
Security Bulletin TYPO3-20080513-2: Cross Site Scripting vulnerability in extension Questionaire (pbsurvey)
It has been discovered that the extension Questionaire (pbsurvey) is susceptible to Cross Site Scripting (XSS) attacks.
Security Bulletin TYPO3-20080513-1: Multiple vulnerabilities in extension WT Gallery (wt_gallery)
It has been discovered that the extension WT Gallery (wt_gallery) is susceptible to Path Traversal and Cross Site Scripting (XSS) attacks. Besides that, it may disclose sensitive information.
TYPO3 v5 project report: April 2008
For all of you who are not that deeply involved in the making of TYPO3 v5, I have collected the most important bits of last month's activities.
Cross Site Scripting vulnerability in extension powermail
It has been discovered that the extension powermail is susceptible to Cross Site Scripting (XSS) attacks.
Multiple vulnerabilities in extension MailformPlus (th_mailformplus)
It has been discovered that the extension MailformPlus (th_mailformplus) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution.
Security Bulletin TYPO3-20080505-2: Cross Site Scripting vulnerability in extension powermail
It has been discovered that the extension powermail is susceptible to Cross Site Scripting (XSS) attacks.
Security Bulletin TYPO3-20080505-1: Multiple vulnerabilities in extension MailformPlus (th_mailformplus)
It has been discovered that the extension MailformPlus (th_mailformplus) is susceptible to Cross Site Scripting (XSS) attacks and allows Remote Code Execution.
TYPO3 Association releases Version 4.2: Focus on Usability and Performance Improvements
BAAR - The TYPO3 Association 4.x Development Team has released a new version of their very successful open source project. TYPO3 has been downloaded over 3.000.000 times from Sourceforge.org which makes it one of the World's leading enterprise Open...
T3BOARD09
Lightning does hit twice! T3BOARD returns to LAAX from the 22. to the 29. of march 2009!
TYPO3 4.2 RC 2
The core team is proud to announce the second Release Candidate of TYPO3 version 4.2. We now think that we do have all blockers for a final release fixed so that if no critical bugs are found in this release candidate this will be the final release...
Vulnerabilities in extensions in pmk_rssnewsexport and scm_rdfexport
It has been discovered that the extensions pmk_rssnewsexport and cm_rdfexport are vulnerable to SQL Injection attacks.