FreeBSD : typo3 -- XSS Vulnerability in TYPO3 Core (c28ee9cd-916e-4dcf-8ed3-e97e5846db6c)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Typo3 Security Report (TYPO3-CORE-SA-2012-003) :

TYPO3 bundles and uses an external JavaScript and Flash Upload Library
called swfupload. TYPO3 can be configured to use this Flash uploader.
Input passed via the 'movieName' parameter to swfupload.swf is not
properly sanitised before being used in a call to
'ExternalInterface.call()'. This can be exploited to execute arbitrary
script code in a user's browser session in the context of an affected
site. The existence of the swfupload library is sufficient to be
vulnerable to the reported problem.

See also :

http://www.nessus.org/u?9ffb6715
http://www.nessus.org/u?8f03235a

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 59853

Bugtraq ID:

CVE ID:
