Because we're damned if we do, and we're damned if we don't!
Original Release Date: 14 April 2010
Vendor: Third party extension – Frontend User Registration (sr_feuser_register)
Product: TYPO3 CMS – Vulnerabilitiy in extension Frontend User Registration (sr_feuser_register)
Extension versions :
- Versions prior to 2.5.25
Vulnerability Type: Cross-Site Scripting
Overall Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C
TYPO3 installations that use sr_feuser_register extension are exposed to possible Cross-Site Scripting style attacks against users of the CMS
Updated versions are available from the TYPO3 extension manager.
Users are advised to upgrade to extension version 2.5.25 which is available at http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.25/
Credits go to Chris John Riley, who discovered and reported the issue.
- TYPO3 Advisory (TYPO3-SA-2010-009)