Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

TYPO3-SA-2010-009 – sr_feuser_register

TYPO3-SA-2010-009

Original Release Date: 14 April 2010

Vendor: Third party extension – Frontend User Registration (sr_feuser_register)

Product: TYPO3 CMS – Vulnerabilitiy in extension Frontend User Registration (sr_feuser_register)

Affected Versions

Extension versions :

  • Versions prior to 2.5.25

Vulnerability Type: Cross-Site Scripting

Overall Severity: Medium

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C

Problem Description

Failing to validate and sanitize user input the extension is susceptible to Cross Site Scripting (XSS), making it possible to execute arbitrary JavaScript.

Impact

TYPO3 installations that use sr_feuser_register extension are exposed to possible Cross-Site Scripting style attacks against users of the CMS

Solution

Updated versions are available from the TYPO3 extension manager.

Users are advised to upgrade to extension version 2.5.25 which is available at http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.25/

Credit(s)

Credits go to Chris John Riley, who discovered and reported the issue.

References

Follow

Get every new post delivered to your Inbox.

Join 122 other followers

%d bloggers like this: