Alex Kellner

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.3.0 through 6.2.24 TYPO3 versions 7.x through 7.6.8 TYPO3 version 8.1.1 **Description** The issue allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. It is caused by deserialization problems in the Extbase extension of the TYPO3 content management system. Exploitation of the issue may allow a remote attacker to execute arbitrary code. **Recommendations** For TYPO3 versions 4.3.0 through 6.2.24, update to version 6.2.24 or later. For TYPO3 versions 7.x through 7.6.8, update to version 7.6.8 or later. For TYPO3 version 8.1.1, update to a later version.

**Name of the Vulnerable Software and Affected Versions** TYPO3 extension div2007 versions prior to 0.10.2 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is related to the t3lib div::quoteJSvalue function. **Recommendations** For versions prior to 0.10.2, update to version 0.10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the Static Methods since 2007 (div2007) extension until the update is applied.

**Name of the Vulnerable Software and Affected Versions** TYPO3 PHPUnit extension versions prior to 3.5.15 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 3.5.15, update to version 3.5.15 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 News system (news) extension versions prior to 1.3.3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 1.3.3, update to version 1.3.3 or later to resolve the issue.