FreeBSD : typo3 -- XSS Vulnerability in TYPO3 Core (c28ee9cd-916e-4dcf-8ed3-e97e5846db6c)

high Nessus Plugin ID 59853

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

TYPO3 Security Report (TYPO3-CORE-SA-2012-003):

TYPO3 bundles and uses an external JavaScript and Flash Upload Library called swfupload. TYPO3 can be configured to use this Flash uploader.
Input passed via the 'movieName' parameter to swfupload.swf is not properly sanitised before being used in a call to 'ExternalInterface.call()'. This can be exploited to execute arbitrary script code in a user's browser session in the context of an affected site. The existence of the swfupload library is sufficient to be vulnerable to the reported problem.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?9ffb6715

http://www.nessus.org/u?9f0596f7

Plugin Details

Severity: High

ID: 59853

File Name: freebsd_pkg_c28ee9cd916e4dcf8ed3e97e5846db6c.nasl

Version: 1.6

Type: local

Published: 7/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:typo3, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 7/6/2012

Vulnerability Publication Date: 7/4/2012

Reference Information

Secunia: 49780