typo3-src: multiple vulnerabilities

Package(s): typo3-src
CVE #(s): CVE-2012-3527 CVE-2012-3528 CVE-2012-3529 CVE-2012-3530 CVE-2012-3531
Created: August 31, 2012
Updated: September 6, 2012
Description: From the Debian advisory:

CVE-2012-3527: An insecure call to unserialize in the help system enables arbitrary code execution by authenticated users.

CVE-2012-3528: The TYPO3 backend contains several cross-site scripting vulnerabilities.

CVE-2012-3529: Authenticated users who can access the configuration module can obtain the encryption key, allowing them to escalate their privileges.

CVE-2012-3530: The RemoveXSS HTML sanitizer did not remove several HTML5 JavaScript, thus failing to mitigate the impact of cross-site scripting vulnerabilities.

Alerts:
Debian DSA-2537-1 2012-08-30

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds