
Mads Olesen

#23192 of 53,638
10 CVSS total
Vulnerabilities · 1
PT-2009-1006
10
2009-01-22
Typo3 · Typo3 · CVE-2009-0257
**Name of the Vulnerable Software and Affected Versions**

- TYPO3 versions 4.0.0 through 4.0.9
- TYPO3 versions 4.1.0 through 4.1.7
- TYPO3 versions 4.2.0 through 4.2.3

**Description**

The issue allows remote attackers to inject arbitrary web script or HTML via the `name` and `content` of indexed files to the Indexed Search Engine system extension, unspecified test scripts in the ADOdb system extension, and unspecified vectors in the Workspace module. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of the vulnerabilities can be carried out remotely.

**Recommendations**

- For versions 4.0.0 through 4.0.9, consider disabling the Indexed Search Engine system extension and restricting access to the ADOdb system extension until a patch is available.
- For versions 4.1.0 through 4.1.7, restrict access to the Workspace module and avoid using the `name` and `content` variables in the Indexed Search Engine system extension until the issue is resolved.
- For versions 4.2.0 through 4.2.3, as a temporary workaround, consider disabling the unspecified test scripts in the ADOdb system extension until a patch is available.