openSUSE Security Update : typo3-cms-4_5 (openSUSE-SU-2014:0813-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

typo3-cms-4_5 was updated to version 4.5.34 to fix eight security
vulnerabilities and several other bugs.

These security problems were fixed :

- Add trusted HTTP_HOST configuration (CVE-2014-3941)

- XSS in (old) extension manager information function

- XSS in new content element wizard (CVE-2014-3943)

- XSS in template tools on root page (CVE-2014-3943)

- XSS in Backend Layout Wizard (CVE-2014-3943)

- Encode URL for use in JavaScript (CVE-2014-3943)

- Fix insecure unserialize in colorpicker (CVE-2014-3942)

- Remove charts.swf to get rid of XSS vulnerability

See also :

Solution :

Update the affected typo3-cms-4_5 package.

Risk factor :

Medium / CVSS Base Score : 6.0

Family: SuSE Local Security Checks

Nessus Plugin ID: 76135

Bugtraq ID:

CVE ID: CVE-2014-3941
