Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

TYPO3-SA-2010-009 – sr_feuser_register


Original Release Date: 14 April 2010

Vendor: Third party extension – Frontend User Registration (sr_feuser_register)

Product: TYPO3 CMS – Vulnerabilitiy in extension Frontend User Registration (sr_feuser_register)

Affected Versions

Extension versions :

  • Versions prior to 2.5.25

Vulnerability Type: Cross-Site Scripting

Overall Severity: Medium

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C

Problem Description

Failing to validate and sanitize user input the extension is susceptible to Cross Site Scripting (XSS), making it possible to execute arbitrary JavaScript.


TYPO3 installations that use sr_feuser_register extension are exposed to possible Cross-Site Scripting style attacks against users of the CMS


Updated versions are available from the TYPO3 extension manager.

Users are advised to upgrade to extension version 2.5.25 which is available at http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.25/


Credits go to Chris John Riley, who discovered and reported the issue.


%d bloggers like this: