Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

TYPO3-SA-2009-016 – felogin
Original Release Date: October 22, 2009

Vendor: TYPO3 (Core)

Product: TYPO3 CMS – Frontend Login Box (felogin)

Affected Versions

TYPO3 versions:

  • 4.2.0 – 4.2.6
  • Other versions not tested

Vulnerability Type: Cross-Site Scripting

Overall Severity: Medium

Problem Description

Because URL parameters are not sanitized before being reflected into its output, the Frontend Login Box (felogin) is susceptible to cross-site scripting (XSS).

TYPO3 installations that use the felogin feature are exposed to possible cross-site scripting attacks against users of the CMS.
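As an added illustration (not felogin's or TYPO3's own code), here is the general pattern the advisory describes, in PHP: a login form that copies a URL parameter into its markup unencoded, beside a hardened version that validates the value and HTML-encodes it at output time. The parameter name `return_url`, the form markup and PHP 8 (`str_contains`) are assumptions.

```php
<?php
// Added illustration, not felogin's own code. The parameter name
// "return_url" and the form markup are hypothetical.

// Vulnerable pattern: a URL parameter is copied verbatim into the login
// form, so a crafted link can inject markup that renders in the browser
// of whoever follows it (reflected XSS).
function render_login_form_unsafe(array $get): string
{
    $returnUrl = $get['return_url'] ?? '/';
    return '<form method="post" action="/login">'
         . '<input type="hidden" name="return_url" value="' . $returnUrl . '">'
         . '<input name="user"><input type="password" name="pass">'
         . '<button>Login</button></form>';
}

// Hardened pattern: encode for the HTML attribute context at output time,
// and additionally accept only same-site relative paths, so the field
// cannot be used to bounce the user off-site after login either.
function render_login_form_safe(array $get): string
{
    $returnUrl = $get['return_url'] ?? '/';
    // Allow only a relative path on this site (no scheme, no "//host").
    if (!preg_match('#^/(?!/)[^\s]*$#', $returnUrl)) {
        $returnUrl = '/';
    }
    $encoded = htmlspecialchars($returnUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="post" action="/login">'
         . '<input type="hidden" name="return_url" value="' . $encoded . '">'
         . '<input name="user"><input type="password" name="pass">'
         . '<button>Login</button></form>';
}

// Self-check with a constructed value containing a quote and angle brackets:
// the unsafe renderer lets it close the attribute and emit a new element,
// the safe renderer keeps the same characters inert as entities.
$probe = ['return_url' => '/"><b>x</b>'];
$unsafeBreaksOut = str_contains(render_login_form_unsafe($probe), '"><b>x</b>');
$safeEncoded     = str_contains(render_login_form_safe($probe), '&quot;&gt;&lt;b&gt;x&lt;/b&gt;');
$safeNoElement   = !str_contains(render_login_form_safe($probe), '<b>');

echo 'unsafe reflects raw markup: ' . ($unsafeBreaksOut ? 'yes' : 'no') . PHP_EOL;
echo 'safe output encoded:        ' . (($safeEncoded && $safeNoElement) ? 'yes' : 'no') . PHP_EOL;
```

Encoding at the point of output, rather than "sanitizing" on input, is what keeps the fix correct regardless of which page later reflects the parameter.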

Vendor Response

This problem only exists in TYPO3 versions 4.2.0 – 4.2.6 and was already fixed for version 4.2.7 while fixing a non-security-related issue.


Credits go to Chris John Riley who discovered and reported the issue and to Stefan Lang who discovered and reported the related issue.
