TYPO3 is prone to multiple remote vulnerabilities, including:
Cross-site scripting vulnerabilities
Authentication-bypass vulnerabilities
Information-disclosure vulnerabilities
SQL-injection vulnerabilities
HTML-injection vulnerabilities
A session-fixation vulnerability
An open-email-relay vulnerability
Random-number generation issues
An attacker can exploit these issues to execute arbitrary script code, steal cookie-based authentication credentials, obtain sensitive information, gain unauthorized access to the affected application, bypass certain security restrictions, compromise the affected application, exploit latent vulnerabilities in the underlying database, and send unsolicited emails. Other attacks are also possible.
The following versions are affected:
TYPO3 4.1 (4.1.13 and prior)
TYPO3 4.2 (4.2.12 and prior)
TYPO3 4.3 (4.3.3 and prior)
TYPO3 4.4 (4.4 and prior)
Information
Typo3 Typo3 4.3.3
Typo3 Typo3 4.3.2
Typo3 Typo3 4.3.1
Typo3 Typo3 4.3
Typo3 Typo3 4.2.12
Typo3 Typo3 4.2.11
Typo3 Typo3 4.2.10
Typo3 Typo3 4.2.9
Typo3 Typo3 4.2.6
Typo3 Typo3 4.2.4
Typo3 Typo3 4.2.3
Typo3 Typo3 4.2.2
Typo3 Typo3 4.2.1
Typo3 Typo3 4.2
Typo3 Typo3 4.1.13
Typo3 Typo3 4.1.12
Typo3 Typo3 4.1.10
Typo3 Typo3 4.1.8
Typo3 Typo3 4.1.7
Typo3 Typo3 4.1.6
Typo3 Typo3 4.1.4
Typo3 Typo3 4.1
Typo3 Typo3 4.3.0beta1
Typo3 Typo3 4.1beta
Typo3 Typo3 4.1 RC1
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Typo3 Typo3 4.1.14
Typo3 Typo3 4.3.4
Typo3 Typo3 4.2.13
Exploit
Attackers can use a browser to exploit these issues. To exploit a cross-site scripting vulnerability, an attacker must entice an unsuspecting victim to follow a malicious URI.