André Koch

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.5.0 through 4.5.31 TYPO3 versions 4.7.0 through 4.7.16 TYPO3 versions 6.0.0 through 6.0.11 TYPO3 versions 6.1.0 through 6.1.6 **Description** A cross-site scripting (XSS) issue exists in the errorAction method in the ActionController base class in the Extbase Framework. This occurs when the Rewritten Property Mapper is enabled, allowing remote attackers to inject arbitrary web script or HTML via unspecified input, which is returned in an error message. **Recommendations** For TYPO3 versions 4.5.0 through 4.5.31, update to a version outside of this range to mitigate the risk. For TYPO3 versions 4.7.0 through 4.7.16, update to a version outside of this range to mitigate the risk. For TYPO3 versions 6.0.0 through 6.0.11, update to a version outside of this range to mitigate the risk. For TYPO3 versions 6.1.0 through 6.1.6, update to a version outside of this range to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.5.x through 4.5.31 TYPO3 versions 4.7.x through 4.7.16 TYPO3 versions 6.0.x through 6.0.11 TYPO3 versions 6.1.x through 6.1.6 TYPO3 development versions of 6.2 **Description** The issue concerns multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via unspecified parameters. **Recommendations** For TYPO3 versions 4.5.x through 4.5.31, update to version 4.5.32 or later. For TYPO3 versions 4.7.x through 4.7.16, update to version 4.7.17 or later. For TYPO3 versions 6.0.x through 6.0.11, update to version 6.0.12 or later. For TYPO3 versions 6.1.x through 6.1.6, update to version 6.1.7 or later. For TYPO3 development versions of 6.2, consider avoiding the use of Content Editing Wizards until a fixed version is available.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.5.x through 4.5.31 TYPO3 versions 4.7.x through 4.7.16 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. **Recommendations** For TYPO3 versions 4.5.x through 4.5.31, update to version 4.5.32 or later. For TYPO3 versions 4.7.x through 4.7.16, update to version 4.7.17 or later.