FreeBSD : typo3 -- XSS Vulnerability in TYPO3 Core (c28ee9cd-916e-4dcf-8ed3-e97e5846db6c)
High Nessus Plugin ID 59853
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
Typo3 Security Report (TYPO3-CORE-SA-2012-003):
Input passed via the 'movieName' parameter to swfupload.swf is not properly sanitised before being used in a call to 'ExternalInterface.call()'. This can be exploited to execute arbitrary script code in a user's browser session in context of an affected site. The existence of the swfupload library is sufficient to be vulnerable to the reported problem.
Solution
Update the affected packages.