This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.
The remote FreeBSD host is missing one or more security-related
Typo3 Security Report (TYPO3-CORE-SA-2012-003) :
called swfupload. TYPO3 can be configured to use this Flash uploader.
Input passed via the 'movieName' parameter to swfupload.swf is not
properly sanitised before being used in a call to
'ExternalInterface.call()'. This can be exploited to execute arbitrary
script code in a user's browser session in context of an affected
site. The existance of the swfupload library is sufficient to be
vulnerable to the reported problem.
See also :
Update the affected packages.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now