Steffen Müller

**Name of the Vulnerable Software and Affected Versions** Content Rating extension versions 1.0.3 and earlier for TYPO3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. **Recommendations** For Content Rating extension versions 1.0.3 and earlier, update to a version later than 1.0.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Content Rating extension versions 1.0.3 and earlier for TYPO3 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For Content Rating extension versions 1.0.3 and earlier, update to a version later than 1.0.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Content Rating Extbase extension versions 2.0.3 and earlier **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions 2.0.3 and earlier, update to a version later than 2.0.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Store Locator extension versions prior to 1.2.8 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 1.2.8, update to version 1.2.8 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 Directory Listing (dir listing) extension version 1.1.0 and earlier **Description** A directory traversal issue exists, allowing remote attackers to have an unspecified impact. The attack vector is unknown. **Recommendations** For versions 1.1.0 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TYPO3 ultraCards (th ultracards) extension versions prior to 0.5.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. **Recommendations** For versions prior to 0.5.1, update to version 0.5.1 or later to resolve the issue.