FreeBSD : typo3 -- XSS Vulnerability in TYPO3 Core (c28ee9cd-916e-4dcf-8ed3-e97e5846db6c)

High Nessus Plugin ID 59853


The remote FreeBSD host is missing one or more security-related updates.


Typo3 Security Report (TYPO3-CORE-SA-2012-003) :

TYPO3 bundles and uses an external JavaScript and Flash Upload Library called swfupload. TYPO3 can be configured to use this Flash uploader.
Input passed via the 'movieName' parameter to swfupload.swf is not properly sanitised before being used in a call to ''. This can be exploited to execute arbitrary script code in a user's browser session in the context of an affected site. The existence of the swfupload library is sufficient to be vulnerable to the reported problem.


Update the affected packages.

Plugin Details

Severity: High

ID: 59853

File Name: freebsd_pkg_c28ee9cd916e4dcf8ed3e97e5846db6c.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/07/06

Modified: 2014/08/13

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:typo3, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2012/07/06

Vulnerability Publication Date: 2012/07/04

Reference Information

Secunia: 49780