Vigil@nce - TYPO3: four vulnerabilities
November 2012 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can exploit four vulnerabilities in TYPO3 in order to
obtain or alter information, or to trigger a Cross-Site Scripting.
– Impacted products: Debian, TYPO3
– Severity: 2/4
– Creation date: 08/11/2012
DESCRIPTION OF THE VULNERABILITY
Four vulnerabilities were announced in TYPO3.
An authenticated attacker can perform an SQL injection or trigger a
Cross-Site Scripting in the Backend History module. [severity:2/4]
An authenticated attacker can read all previous modifications via
the Backend History module. [severity:1/4]
An attacker can trigger a Cross-Site Scripting via an application
using the TCA-Tree API. [severity:2/4]
An attacker can trigger a Cross-Site Scripting via an application
using the menu API. [severity:2/4]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-four-vulnerabilities-12122