AOH :: HP Unsorted T :: B06-4873.HTM

Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0



Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0
Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There's a XSS issue in the 'Indexed search' extension 2.9.0 for Typo3.
This extension is part of a default Typo3 4.0.x installlation.

Typo3 4.0.2 fixes it.

http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/ 

Credits go to Mr. Ekkehard G=C3=BCmbel (discovery) and Mr. Ingmar Schlecht
(patch).

This is rather old, dating back to september 11th. Unfortunately Typo3
advisories rarely end up here.
http://typo3.org/teams/security/security-bulletins/ 

Moritz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFF7qMn6GkvSd/BgwRAoNkAJ0aT/fKl7juL2J/BMu/R6agJqxykwCdGqc8
Mufef7E2mYQKUgFibpnoKbs=CWLZ
-----END PGP SIGNATURE-----

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.