Malte Jansen

**Name of the Vulnerable Software and Affected Versions** TYPO3 flatmgr extension versions prior to 1.9.16 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 1.9.16, update to version 1.9.16 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Calendar Base (cal) extension version prior to 1.1.1 **Description** A cross-site scripting issue exists, allowing remote attackers to inject arbitrary web script or HTML via search parameters when using Internet Explorer 6. **Recommendations** For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the search functionality until the update is applied.