Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0

To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Typo3 v4.x: XSS in extension "Indexed Search" v2.9.0
From: Moritz Naumann <security@xxxxxxxxxxxxxxxxxx>
Date: Mon, 25 Sep 2006 13:16:28 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Openpgp: id=277F060C; url=http://moritz-naumann.com/keys/0x277F060C.asc
Organization: Moritz Naumann IT Consulting & Services
User-agent: Mozilla/5.0 (X11; U; Linux) Thunderbird

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There's a XSS issue in the 'Indexed search' extension 2.9.0 for Typo3.
This extension is part of a default Typo3 4.0.x installlation.

Typo3 4.0.2 fixes it.

http://typo3.org/teams/security/security-bulletins/typo3-20060911-1/

Credits go to Mr. Ekkehard Gümbel (discovery) and Mr. Ingmar Schlecht
(patch).

This is rather old, dating back to september 11th. Unfortunately Typo3
advisories rarely end up here.
http://typo3.org/teams/security/security-bulletins/

Moritz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFF7qMn6GkvSd/BgwRAoNkAJ0aT/fKl7juL2J/BMu/R6agJqxykwCdGqc8
Mufef7E2mYQKUgFibpnoKbs=
=CWLZ
-----END PGP SIGNATURE-----

Prev by Date: [RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability
Next by Date: phpstak <= Remote File Include Vulnerability
Previous by thread: [RISE-2006002] FreeBSD 5.x kernel i386_set_ldt() integer overflow vulnerability
Next by thread: phpstak <= Remote File Include Vulnerability
Index(es):
- Date
- Thread